On 08/20/2010 08:48 PM, Robert Rebstock wrote:
Hello.
Thank you for your answer.
----- Original Message -----
From: "Avi Kivity"<[email protected]>
To: "Robert Rebstock"<[email protected]>
Cc: [email protected]
Sent: Tuesday, August 17, 2010 11:36:41 AM
Subject: Re: guest MAC-address isolation
On 08/06/2010 08:09 PM, Robert Rebstock wrote:
Hello all,
can anyone recommend a better way to achieve (guest agnostic) MAC-address
isolation in qemu/kvm then with user-mode networking?
I have multiple guests requiring the same MAC-address, and user-mode/slirp
networking is quite slow.
You can put the different guests on different bridges, and use IP
routing to connect the two bridges; or you can use ebtables to mangle
the MAC addresses.
Could you possibly give me an example? Unfortunately my networking skills are
not the best,
which is not to say that I don't try. The best I can do, after reading the
documentation I could find, is:
ebtables -t nat -A PREROUTING -d 00:11:11:11:11:11 -j dnat --to-dest
00:01:23:45:67:89 --dnat-target ACCEPT
ebtables -t nat -A POSTROUTING -s 00:01:23:45:67:89 -j snat --to-src
00:11:11:11:11:11 --snat-arp --snat-target ACCEPT
but I can see no way to mangle multiple identical MACs so as to achieve layer-2
isolation for my snapshotted VMs.
You could use --in-interface to select packets based on which guest they
originated from (for snat).
--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
