Backlog #2348

Add static MAC address to

Added by Daniel Dehennin almost 8 years ago. Updated almost 4 years ago.

Status:PendingStart date:09/30/2013
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Drivers - Network
Target version:-

Description

Hello,

I setup an OpenNebula 4.2 with OpenVswitch network, everything works great. Thank you very much.

Some of my VMs run LXC containers with a linux bridges inside and traffic coming from LXC guest is dropped due to MAC-spoofing protection.

As described in the documentation, I could relax the protection.

I wonder if a better solution could be to add additional static MAC addresses on a VM NIC to avoid opening all my OpenVswitch networks to MAC-spoofing.

Additional restrictions could apply:

  • the additional static MAC addresses restricted to a list of prefixes
  • per group/user authorized prefix list
  • prefix delegation: first octet per group, second octet per user

With something like that I could dedicate a prefix per user, I get benefit of MAC-spoofing and permit users to do what they want in their VMs.

Regards.

History

#1 Updated by Ruben S. Montero over 7 years ago

  • Tracker changed from Feature to Backlog

#2 Updated by Daniel Dehennin almost 7 years ago

Hello,

I think this issue is related to #2818, at least with #2858.

Regards.

#3 Updated by EOLE Team almost 7 years ago

It could be done for IPs too.

Very interesting if you have a failover IP moving between two hosts and don't want to disable ARP cache poisoning globally.

#4 Updated by Jan "Yenya" Kasprzak almost 4 years ago

Anything new wrt. this topic? I would also like to use more than one IP (and IPv6!) address in a VM without disabling FILTER_IP_SPOOFING for the whole VNet. Thanks!

Also available in: Atom PDF