Re: [ovirt-users] How to add the clean-traffic network-filter to a guest

2016-09-25 Thread Troels Arvin
Edward Haas wrote:
> In 4.0 you can set this in the vnic profile (per network).
> 
> With 3.6, you will need to create a hook to do it.

Thanks - it sounds like a very good reason for an upgrade, then.

-- 
Regards,
Troels Arvin

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
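
The hook route mentioned for 3.6 in the reply above, as an added example (not code from this thread or from the oVirt project): a before_vm_start hook body that replaces each vNIC's filterref with libvirt's clean-traffic and optionally pins the guest's IP. The MAC-to-IP table, the sample XML and reading the domain XML path from the _hook_domxml environment variable are assumptions.

```python
#!/usr/bin/python
import os
from xml.dom import minidom

# Constructed sample data: hypothetical MAC -> IP table and a minimal domain XML.
PINNED_IPS = {"00:1a:4a:16:01:51": "192.0.2.10"}
SAMPLE = ("<domain><devices><interface type='bridge'>"
          "<mac address='00:1a:4a:16:01:51'/>"
          "<filterref filter='vdsm-no-mac-spoofing'/>"
          "</interface></devices></domain>")


def apply_clean_traffic(domxml, pinned_ips=None):
    """Return domain XML with exactly one clean-traffic filterref per vNIC."""
    pinned_ips = pinned_ips or {}
    doc = minidom.parseString(domxml)
    for iface in doc.getElementsByTagName("interface"):
        # Drop whatever filter is already set (e.g. vdsm-no-mac-spoofing).
        for old in iface.getElementsByTagName("filterref"):
            old.parentNode.removeChild(old)
        ref = doc.createElement("filterref")
        ref.setAttribute("filter", "clean-traffic")
        macs = iface.getElementsByTagName("mac")
        mac = macs[0].getAttribute("address").lower() if macs else ""
        if mac in pinned_ips:
            # Pin the address; without an IP parameter libvirt learns the
            # guest's address from its traffic instead.
            param = doc.createElement("parameter")
            param.setAttribute("name", "IP")
            param.setAttribute("value", pinned_ips[mac])
            ref.appendChild(param)
        iface.appendChild(ref)
    return doc.toxml()


def main():
    # Assumption: VDSM exposes the path of the domain XML in _hook_domxml.
    path = os.environ.get("_hook_domxml")
    if path is None:  # not running under VDSM: show the effect on SAMPLE
        print(apply_clean_traffic(SAMPLE, PINNED_IPS))
        return
    with open(path) as f:
        updated = apply_clean_traffic(f.read(), PINNED_IPS)
    with open(path, "w") as f:
        f.write(updated)


if __name__ == "__main__":
    main()
```

NICs hot-plugged after boot do not pass through before_vm_start, so they would need the same rewrite at the NIC hotplug hook point.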


Re: [ovirt-users] How to add the clean-traffic network-filter to a guest

2016-09-25 Thread Michael Burman
Hi

You can check this feature page to configure network filter per vNIC
profile on 4.0
https://www.ovirt.org/feature/networkfilter/

Thanks

On Sun, Sep 25, 2016 at 3:36 PM, Edward Haas wrote:

>
>
> On Sun, Sep 25, 2016 at 11:17 AM, Troels Arvin wrote:
>
>> I would like to minimize the risk of virtual servers harming each other.
>> As part of this, I would like to prevent them from changing their IP
>> address to something different from what they are expected to have. In
>> other words, I would like to prevent IP address spoofing in the guests.
>> And I want to be able to do this without having to assign a different VLAN
>> to each guest.
>>
>> Setup: RHEV 3.6 with RH7-based RHEV-H hypervisor hosts.
>>
>> Using virsh -r dumpxml   on a host, I can see that the guests
>> have the "vdsm-no-mac-spoofing" network filter active for the virtual
>> network interface.
>>
>> But what if I want the "clean-traffic" filter to be active for the
>> guests, as well (or instead): Is there a way to accomplish that in the
>> RHEV-M/oVirt management interface? If so: Where's the option(s) to be
>> found in the management interface? Can it be done globally, i.e. as a
>> default when guests are started?
>>
>>
> In 4.0 you can set this in the vnic profile (per network).
>
> With 3.6, you will need to create a hook to do it.
> See https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof to get
> an idea how you could do it.
>
>
>> --
>> Regards,
>> Troels Arvin
>>


-- 
Michael Burman
RedHat Israel, RHEV-M QE Network Team

Mobile: 054-5355725
IRC: mburman


[ovirt-users] How to add the clean-traffic network-filter to a guest

2016-09-25 Thread Troels Arvin
I would like to minimize the risk of virtual servers harming each other. 
As part of this, I would like to prevent them from changing their IP 
address to something different from what they are expected to have. In 
other words, I would like to prevent IP address spoofing in the guests. 
And I want to be able to do this without having to assign a different VLAN 
to each guest.

Setup: RHEV 3.6 with RH7-based RHEV-H hypervisor hosts.

Using virsh -r dumpxml   on a host, I can see that the guests 
have the "vdsm-no-mac-spoofing" network filter active for the virtual 
network interface.

But what if I want the "clean-traffic" filter to be active for the 
guests, as well (or instead): Is there a way to accomplish that in the 
RHEV-M/oVirt management interface? If so: Where's the option(s) to be 
found in the management interface? Can it be done globally, i.e. as a 
default when guests are started?

-- 
Regards,
Troels Arvin
