On 04/18/2013 05:48 PM, Jiri Belka wrote:
On Thu, 18 Apr 2013 16:15:38 +0200
Andrej Bagon <andrej.ba...@arnes.si> wrote:

Hi all,

we are wondering how can we limit a user to use IPs we give him and not
Best is understood from an example:
- we give a user a quota (with x CPU, y memory and z disk space)
- a user can create one VirtualMachine with all the resources, or more
VirtualMachines with smaller resources.
- we want to give a user a pool of IPs. He should not use other IPs. If
he uses other IP it should not be routable.

Is there a solution for this problem?

Normal solution:

* mirror port on your switch which is forwarded to a NIDS
   and search for unauthorized IP/MAC pairs

"Software foo can do everything" solution:

* libvirt knows nwfilter
* vdsm has hooks

thus combination of your own nwfilters, custom properties and vdsm

Or raise an RFE so we could assign nwfilters to a VM.

My take is that as long as you use an external IP allocation mechanism (DHCP/static), it's up to you to limit. Once the engine does the allocations (IPAM, or L3), then quotas for IP addresses could be relevant.
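
An added example, not part of the original thread or of vdsm: the XML rewrite a hook would perform to attach an nwfilter with a fixed IP list to every NIC of a VM. It assumes the allowed addresses arrive as a comma-separated string (for instance from a custom property) and uses libvirt's built-in `clean-traffic` filter with its `IP` parameter; the sample domain XML is constructed, and the wiring into an actual vdsm hook is left out.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of the libvirt domain XML a hook would receive.
SAMPLE_DOMXML = """<domain type='kvm'>
  <name>vm1</name>
  <devices>
    <interface type='bridge'>
      <mac address='00:1a:4a:00:00:01'/>
      <source bridge='ovirtmgmt'/>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>"""


def pin_ips(domxml, allowed_ips, filter_name="clean-traffic"):
    """Return domain XML in which every NIC references an nwfilter
    restricted to the addresses in allowed_ips (comma-separated)."""
    # Validate before touching the XML: only literal IPv4 addresses pass,
    # so a malformed property value can never end up in the domain XML.
    ips = [str(ipaddress.IPv4Address(part.strip()))
           for part in allowed_ips.split(",") if part.strip()]
    if not ips:
        # Fail closed: an empty list must not produce an unfiltered NIC.
        raise ValueError("no allowed IPs given")

    root = ET.fromstring(domxml)
    for iface in root.findall("./devices/interface"):
        # Drop any existing filterref so the result is idempotent.
        for old in iface.findall("filterref"):
            iface.remove(old)
        ref = ET.SubElement(iface, "filterref", {"filter": filter_name})
        # libvirt accepts a repeated parameter name as a list of values.
        for ip in ips:
            ET.SubElement(ref, "parameter", {"name": "IP", "value": ip})
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(pin_ips(SAMPLE_DOMXML, "192.0.2.10, 192.0.2.11"))
```

With the filter attached, libvirt drops frames from the guest whose source IP or MAC does not match, which gives the "other IPs are not routable" behaviour asked about at the hypervisor rather than at the switch.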
