Re: [Users] users quota and limit ips
Another approach would be to use logical networks and router software.

Logical network 1
- has a VM running ddwrt (or openwrt, m0n0wall, etc.) with 2 NICs. One of the router VM NICs is on your network, and the other one gives out IP addresses on a range you specify (say 192.168.13.X).
- VMs get IP addresses, DNS, and connectivity through the router VM.

Logical network 2
- has a VM running ddwrt (or openwrt, m0n0wall, etc.) with 2 NICs. One of the router VM NICs is on your network, and the other one gives out IP addresses on a range you specify (say 192.168.15.X).
- VMs get IP addresses, DNS, and connectivity through the router VM.

You can predefine which logical network your user's virtual machine will be put on based on the template you give them access to.

This all requires some additional configuration (delegation) if you want the virtual machines to be routable from beyond the router they are behind.

Tim Hildred, RHCE
Content Author II - Engineering Content Services, Red Hat, Inc.
Brisbane, Australia
Email: thild...@redhat.com
Internal: 8588287
Mobile: +61 4 666 25242
IRC: thildred

- Original Message -
> From: "Andrej Bagon"
> To: "users"
> Sent: Friday, April 19, 2013 12:15:38 AM
> Subject: [Users] users quota and limit ips
>
> Hi all,
>
> we are wondering how can we limit a user to use IPs we give him and not
> others.
> Best is understood from an example:
> - we give a user a quota (with x CPU, y memory and z disk space)
> - a user can create one VirtualMachine with all the resources, or more
> VirtualMachines with smaller resources.
> - we want to give a user a pool of IPs. He should not use other IPs. If
> he uses other IP it should not be routable.
>
> Is there a solution for this problem?
>
> Thank you.
>
> Best Regards,
> Andrej Bagon
> Arnes
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] users quota and limit ips
On 04/18/2013 05:48 PM, Jiri Belka wrote:
> On Thu, 18 Apr 2013 16:15:38 +0200
> Andrej Bagon wrote:
>
>> Hi all,
>>
>> we are wondering how can we limit a user to use IPs we give him and not
>> others.
>> Best is understood from an example:
>> - we give a user a quota (with x CPU, y memory and z disk space)
>> - a user can create one VirtualMachine with all the resources, or more
>> VirtualMachines with smaller resources.
>> - we want to give a user a pool of IPs. He should not use other IPs. If
>> he uses other IP it should not be routable.
>>
>> Is there a solution for this problem?
>
> Normal solution:
> * mirror port on your switch which is forwarded to a NIDS and search for
>   unauthorized IP/MAC pairs
>
> "Software foo can do everything" solution:
> * libvirt knows nwfilter
> * vdsm has hooks
>
> thus combination of your own nwfilters, custom properties and vdsm hooks.
>
> Or raise an RFE so we could assign nwfilters to a VM.

my take is that as long as you use an external ip allocation mechanism (dhcp/static) - it's up to you to limit.
once engine will do the allocations (IPAM, or L3), then quotas for IP addresses could be relevant.
Re: [Users] users quota and limit ips
On Thu, 18 Apr 2013 16:15:38 +0200
Andrej Bagon wrote:

> Hi all,
>
> we are wondering how can we limit a user to use IPs we give him and not
> others.
> Best is understood from an example:
> - we give a user a quota (with x CPU, y memory and z disk space)
> - a user can create one VirtualMachine with all the resources, or more
> VirtualMachines with smaller resources.
> - we want to give a user a pool of IPs. He should not use other IPs. If
> he uses other IP it should not be routable.
>
> Is there a solution for this problem?

Normal solution:
* mirror port on your switch which is forwarded to a NIDS and search for
  unauthorized IP/MAC pairs

"Software foo can do everything" solution:
* libvirt knows nwfilter
* vdsm has hooks

thus combination of your own nwfilters, custom properties and vdsm hooks.

Or raise an RFE so we could assign nwfilters to a VM.
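A sketch of the nwfilter-plus-hook combination suggested in the message above, added here as an example and not code from the thread, oVirt or vdsm: it rewrites a libvirt domain XML so that every NIC references libvirt's stock `clean-traffic` filter pinned to the tenant's assigned IPv4 addresses. It assumes the function would be called from a vdsm `before_vm_start` hook with the address list taken from a VM custom property; the function names and the sample XML are constructed for illustration.

```python
import ipaddress
import xml.dom.minidom as minidom

# Constructed sample of a libvirt domain XML (not taken from the thread).
SAMPLE_DOMXML = """<domain type='kvm'>
  <name>tenant-vm-1</name>
  <devices>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:01'/>
      <source bridge='tenant-net'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:02'/>
      <source bridge='tenant-net'/>
    </interface>
  </devices>
</domain>"""


def parse_allowed_ips(prop):
    """Validate a comma-separated IPv4 list, e.g. the value of a VM custom property."""
    ips = [str(ipaddress.IPv4Address(p.strip())) for p in prop.split(",") if p.strip()]
    if not ips:
        raise ValueError("no IP assigned: refuse to start the VM unfiltered")
    return ips


def add_ip_filter(domxml, allowed_ips, filter_name="clean-traffic"):
    """Return domain XML in which every NIC references an nwfilter pinned to allowed_ips."""
    dom = minidom.parseString(domxml)
    for iface in dom.getElementsByTagName("interface"):
        for old in iface.getElementsByTagName("filterref"):
            iface.removeChild(old)  # replace, never stack, an existing filterref
        ref = dom.createElement("filterref")
        ref.setAttribute("filter", filter_name)
        for ip in allowed_ips:  # repeated IP parameters form a list in libvirt
            param = dom.createElement("parameter")
            param.setAttribute("name", "IP")
            param.setAttribute("value", ip)
            ref.appendChild(param)
        iface.appendChild(ref)
    return dom.toxml()


def filtered_ips(domxml):
    """Per-NIC list of IPs permitted by its filterref (empty list means unfiltered)."""
    dom = minidom.parseString(domxml)
    return [[p.getAttribute("value") for p in i.getElementsByTagName("parameter")]
            for i in dom.getElementsByTagName("interface")]
```

With `clean-traffic` applied, packets from the guest whose source IP is not in the list are dropped on the host, so an address outside the assigned pool never reaches the network. `filtered_ips` doubles as an audit check for VMs whose NICs carry no filter.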
Re: [Users] users quota and limit ips
Hi,

I personally would use DHCP for this instead of static IPs...
You can maybe create a hook script to block non-allowed-IPs on your vm-bridge - didn't test this, but think should work...

Regards,
René

-Original message-
> From:Andrej Bagon
> Sent: Thursday 18th April 2013 16:16
> To: users
> Subject: [Users] users quota and limit ips
>
> Hi all,
>
> we are wondering how can we limit a user to use IPs we give him and not
> others.
> Best is understood from an example:
> - we give a user a quota (with x CPU, y memory and z disk space)
> - a user can create one VirtualMachine with all the resources, or more
> VirtualMachines with smaller resources.
> - we want to give a user a pool of IPs. He should not use other IPs. If
> he uses other IP it should not be routable.
>
> Is there a solution for this problem?
>
> Thank you.
>
> Best Regards,
> Andrej Bagon
> Arnes
[Users] users quota and limit ips
Hi all,

we are wondering how can we limit a user to use IPs we give him and not others.
Best is understood from an example:
- we give a user a quota (with x CPU, y memory and z disk space)
- a user can create one VirtualMachine with all the resources, or more VirtualMachines with smaller resources.
- we want to give a user a pool of IPs. He should not use other IPs. If he uses other IP it should not be routable.

Is there a solution for this problem?

Thank you.

Best Regards,
Andrej Bagon
Arnes