Backlog #2348
Add static MAC address to
Status: | Pending | Start date: | 09/30/2013 | |
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 0% | |
Category: | Drivers - Network | |||
Target version: | - |
Description
Hello,
I setup an OpenNebula 4.2 with OpenVswitch network, everything works great. Thank you very much.
Some of my VMs run LXC containers with a linux bridges inside and traffic coming from LXC guest is dropped due to MAC-spoofing protection.
As described in the documentation, I could relax the protection.
I wonder if a better solution could be to add additional static MAC addresses on a VM NIC to avoid opening all my OpenVswitch networks to MAC-spoofing.
Additional restrictions could apply:
- the additional static MAC addresses restricted to a list of prefixes
- per group/user authorized prefix list
- prefix delegation: first octet per group, second octet per user
With something like that I could dedicate a prefix per user, I get benefit of MAC-spoofing and permit users to do what they want in their VMs.
Regards.
History
#1 Updated by Ruben S. Montero over 7 years ago
- Tracker changed from Feature to Backlog
#2 Updated by Daniel Dehennin almost 7 years ago
#3 Updated by EOLE Team almost 7 years ago
It could be done for IPs too.
Very interesting if you have a failover IP moving between two hosts and don't want to disable ARP cache poisoning globally.
#4 Updated by Jan "Yenya" Kasprzak almost 4 years ago
Anything new wrt. this topic? I would also like to use more than one IP (and IPv6!) address in a VM without disabling FILTER_IP_SPOOFING for the whole VNet. Thanks!