[ovirt-users] Re: Network profile filtering

2020-11-13 Thread Pascal DeMilly 
Thank you Dominik,

I finally got it to work by disabling VLAN ID on the port. I guess the VLAN
ID takes precedence to this filter

No I was not aware I could mix and match 4.3 and 4.4. I will look into it.
Any documents you have in mind I should consult. Too many results from
google saying otherwise


Thank again

Pascal

On Fri, Nov 13, 2020 at 7:28 AM Dominik Holler  wrote:

>
>
> On Fri, Nov 13, 2020 at 4:19 PM Pascal DeMilly 
> wrote:
>
>> Thank you
>>
>> That is exactly what I was looking for.  Any chance it could be back
>> ported to 4.3. Maybe list the rules and I could use rest API to add it to
>> my court install
>>
>
> On ovirt-4.3 there is only
> *Bug 1009608*  - [RFE]
> Limit east-west traffic of VMs with network filter
> The isolated ports cannot be backported to oVirt 4.3, because the isolated
> ports require a new feature from CentOS 8 kernel and CentOS 8.3 libvirt.
>
>
>>
>> I'm not eager to move yet to 4.4 since I'm reading on this list lot of
>> people have issue migrating  and I have 20 hosts running currently
>>
>>
>
> Are you aware that you could upgrade oVirt Engine and go on with the oVirt
> 4.3 hosts?
> This way you could have some new CentOS 8 based oVirt-4.4 hosts which use
> the new features, and leave the other hosts on CentOS 7 based oVirt 4.3 .
>
>
>
>>
>>
>> Get Outlook for Android 
>>
>> --
>> *From:* Dominik Holler 
>> *Sent:* Friday, November 13, 2020 6:21:56 AM
>> *To:* Pascal DeMilly 
>> *Cc:* users 
>> *Subject:* Re: [ovirt-users] Network profile filtering
>>
>>
>>
>> On Fri, Nov 13, 2020 at 5:13 AM  wrote:
>>
>> I am using ovirt 4.3. I am in need to isolate all my VM from each other
>> (without using VLAN) except to a virtual gateway which is also the DHCP
>> server.
>>
>> Basically only allowing traffic from 1 MAC address to another MAC
>> address. Everything else should be filter out by ovirt filtering subsystem
>>
>> How will I go about that? I can see in network profile the ability to set
>> different filter but can't find a way to create new filter.
>>
>>
>> Does the Doc Text of
>> *Bug 1009608*  - [RFE]
>> Limit east-west traffic of VMs with network filter
>> https://bugzilla.redhat.com/show_bug.cgi?id=1009608
>> explain the configuration of the filter?
>>
>> Please note that there will be isolated ports
>>
>> https://www.ovirt.org/develop/release-management/features/network/isolated-ports.html
>> available in ovirt-4.4.3 on CentOS 8.3 , which might address your
>> scenario even better.
>>
>>
>>
>> Thanks for your help
>>
>> Pascal
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/QIYX2SA7TBEFGAACQBLPHOZCKI7WOQHM/
>>
>> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/HNYBXYKZZM4RXTIAVRBC7QWJWUIBH65M/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3ACEVRYMTNV3TFIU5ZMK76EHNQOQTOCC/

[ovirt-users] Re: Network profile filtering

2020-11-13 Thread Dominik Holler 
On Fri, Nov 13, 2020 at 4:19 PM Pascal DeMilly 
wrote:

> Thank you
>
> That is exactly what I was looking for.  Any chance it could be back
> ported to 4.3. Maybe list the rules and I could use rest API to add it to
> my court install
>

On ovirt-4.3 there is only
*Bug 1009608*  - [RFE]
Limit east-west traffic of VMs with network filter
The isolated ports cannot be backported to oVirt 4.3, because the isolated
ports require a new feature from CentOS 8 kernel and CentOS 8.3 libvirt.


>
> I'm not eager to move yet to 4.4 since I'm reading on this list lot of
> people have issue migrating  and I have 20 hosts running currently
>
>

Are you aware that you could upgrade oVirt Engine and go on with the oVirt
4.3 hosts?
This way you could have some new CentOS 8 based oVirt-4.4 hosts which use
the new features, and leave the other hosts on CentOS 7 based oVirt 4.3 .



>
>
> Get Outlook for Android 
>
> --
> *From:* Dominik Holler 
> *Sent:* Friday, November 13, 2020 6:21:56 AM
> *To:* Pascal DeMilly 
> *Cc:* users 
> *Subject:* Re: [ovirt-users] Network profile filtering
>
>
>
> On Fri, Nov 13, 2020 at 5:13 AM  wrote:
>
> I am using ovirt 4.3. I am in need to isolate all my VM from each other
> (without using VLAN) except to a virtual gateway which is also the DHCP
> server.
>
> Basically only allowing traffic from 1 MAC address to another MAC address.
> Everything else should be filter out by ovirt filtering subsystem
>
> How will I go about that? I can see in network profile the ability to set
> different filter but can't find a way to create new filter.
>
>
> Does the Doc Text of
> *Bug 1009608*  - [RFE]
> Limit east-west traffic of VMs with network filter
> https://bugzilla.redhat.com/show_bug.cgi?id=1009608
> explain the configuration of the filter?
>
> Please note that there will be isolated ports
>
> https://www.ovirt.org/develop/release-management/features/network/isolated-ports.html
> available in ovirt-4.4.3 on CentOS 8.3 , which might address your scenario
> even better.
>
>
>
> Thanks for your help
>
> Pascal
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/QIYX2SA7TBEFGAACQBLPHOZCKI7WOQHM/
>
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HNYBXYKZZM4RXTIAVRBC7QWJWUIBH65M/

[ovirt-users] Re: Network profile filtering

2020-11-13 Thread Pascal DeMilly 
Thank you

That is exactly what I was looking for.  Any chance it could be back ported to 
4.3. Maybe list the rules and I could use rest API to add it to my court install

I'm not eager to move yet to 4.4 since I'm reading on this list lot of people 
have issue migrating  and I have 20 hosts running currently



Get Outlook for Android


From: Dominik Holler 
Sent: Friday, November 13, 2020 6:21:56 AM
To: Pascal DeMilly 
Cc: users 
Subject: Re: [ovirt-users] Network profile filtering



On Fri, Nov 13, 2020 at 5:13 AM 
mailto:pas...@butterflyit.com>> wrote:
I am using ovirt 4.3. I am in need to isolate all my VM from each other 
(without using VLAN) except to a virtual gateway which is also the DHCP server.

Basically only allowing traffic from 1 MAC address to another MAC address. 
Everything else should be filter out by ovirt filtering subsystem

How will I go about that? I can see in network profile the ability to set 
different filter but can't find a way to create new filter.


Does the Doc Text of
Bug 1009608 - [RFE] Limit 
east-west traffic of VMs with network filter
https://bugzilla.redhat.com/show_bug.cgi?id=1009608
explain the configuration of the filter?

Please note that there will be isolated ports
https://www.ovirt.org/develop/release-management/features/network/isolated-ports.html
available in ovirt-4.4.3 on CentOS 8.3 , which might address your scenario even 
better.


Thanks for your help

Pascal
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to 
users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QIYX2SA7TBEFGAACQBLPHOZCKI7WOQHM/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y7DZ7UINXTQIY626RAS3263AYROLDE3P/

[ovirt-users] Re: Network profile filtering

2020-11-13 Thread Dominik Holler 
On Fri, Nov 13, 2020 at 5:13 AM  wrote:

> I am using ovirt 4.3. I am in need to isolate all my VM from each other
> (without using VLAN) except to a virtual gateway which is also the DHCP
> server.
>
> Basically only allowing traffic from 1 MAC address to another MAC address.
> Everything else should be filter out by ovirt filtering subsystem
>
> How will I go about that? I can see in network profile the ability to set
> different filter but can't find a way to create new filter.
>
>
Does the Doc Text of
*Bug 1009608*  - [RFE]
Limit east-west traffic of VMs with network filter
https://bugzilla.redhat.com/show_bug.cgi?id=1009608
explain the configuration of the filter?

Please note that there will be isolated ports
https://www.ovirt.org/develop/release-management/features/network/isolated-ports.html
available in ovirt-4.4.3 on CentOS 8.3 , which might address your scenario
even better.



> Thanks for your help
>
> Pascal
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/QIYX2SA7TBEFGAACQBLPHOZCKI7WOQHM/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/V4WUYEBTI6XJ6XD3Z7I66K6WVG7377T2/