Re: [ovirt-users] How to add the clean-traffic network-filter to a guest
Edward Haas wrote: > In 4.0 you can set this in the vnic profile (per network). > > With 3.6, you will need to create a hook to do it. Thanks - it sounds like a very good reason for an upgrade, then. -- Regards, Troels Arvin ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] How to add the clean-traffic network-filter to a guest
Hi You can check this feature page to configure network filter per vNIC profile on 4.0 https://www.ovirt.org/feature/networkfilter/ Thanks On Sun, Sep 25, 2016 at 3:36 PM, Edward Haas wrote: > > > On Sun, Sep 25, 2016 at 11:17 AM, Troels Arvin wrote: > >> I would like to minimize the risk of virtual servers harming each other. >> As part of this, I would like to prevent them from changing their IP >> address to something different from what they are expected to have. In >> other words, I would like to prevent IP address spoofing in the guests. >> And I want to be able to do this without having to assign a different VLAN >> to each guest. >> >> Setup: RHEV 3.6 with RH7-based RHEV-H hypervisor hosts. >> >> Using virsh -r dumpxml on a host, I can see that the guests >> have the "vdsm-no-mac-spoofing" network filter active for the virtual >> network interface. >> >> But what if I want the "clean-traffic" filter to be active for the >> guests, as well (or instead): Is there a way to accomplish that in the >> RHEV-M/oVirt management interface? If so: Where's the option(s) to be >> found in the management interface? Can it be done globally, i.e. as a >> default when guests are started? >> >> > In 4.0 you can set this in the vnic profile (per network). > > With 3.6, you will need to create a hook to do it. > See https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof to get > an idea how you could do it. > > >> -- >> Regards, >> Troels Arvin >> >> ___ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> > > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > > -- Michael Burman RedHat Israel, RHEV-M QE Network Team Mobile: 054-5355725 IRC: mburman ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] How to add the clean-traffic network-filter to a guest
On Sun, Sep 25, 2016 at 11:17 AM, Troels Arvin wrote: > I would like to minimize the risk of virtual servers harming each other. > As part of this, I would like to prevent them from changing their IP > address to something different from what they are expected to have. In > other words, I would like to prevent IP address spoofing in the guests. > And I want to be able to do this without having to assign a different VLAN > to each guest. > > Setup: RHEV 3.6 with RH7-based RHEV-H hypervisor hosts. > > Using virsh -r dumpxml on a host, I can see that the guests > have the "vdsm-no-mac-spoofing" network filter active for the virtual > network interface. > > But what if I want the "clean-traffic" filter to be active for the > guests, as well (or instead): Is there a way to accomplish that in the > RHEV-M/oVirt management interface? If so: Where's the option(s) to be > found in the management interface? Can it be done globally, i.e. as a > default when guests are started? > > In 4.0 you can set this in the vnic profile (per network). With 3.6, you will need to create a hook to do it. See https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof to get an idea how you could do it. > -- > Regards, > Troels Arvin > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] How to add the clean-traffic network-filter to a guest
I would like to minimize the risk of virtual servers harming each other. As part of this, I would like to prevent them from changing their IP address to something different from what they are expected to have. In other words, I would like to prevent IP address spoofing in the guests. And I want to be able to do this without having to assign a different VLAN to each guest. Setup: RHEV 3.6 with RH7-based RHEV-H hypervisor hosts. Using virsh -r dumpxml on a host, I can see that the guests have the "vdsm-no-mac-spoofing" network filter active for the virtual network interface. But what if I want the "clean-traffic" filter to be active for the guests, as well (or instead): Is there a way to accomplish that in the RHEV-M/oVirt management interface? If so: Where's the option(s) to be found in the management interface? Can it be done globally, i.e. as a default when guests are started? -- Regards, Troels Arvin ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users