[ovs-dev] Preventing OS traffic transmitted from 'system' ports

de Candia, Giuseppe gdecandia at midokura.com
Thu Dec 15 16:46:50 UTC 2011


Hi Folks,

I set up a VM to access its network via a tap connected to an OVS datapath
(the tap is added as a 'system' port). In my system the VM's network is
virtual - isolated from other VMs and from the host OS. Yet, the VM still
receives some packets from the host OS (e.g. ICMP6) and this breaks the
VM's network's isolation.

Fixing it is not difficult (I know of iptables or sysctl approaches) but
each packet type needs to be dealt with separately. I was wondering if
anyone else has run into this problem and has more clever solutions.

Also, could someone shed some light on whether it would be possible for OVS
to signal to the host OS that the OS should not transmit any packets from
OVS's 'system' ports?

thanks and cheers,
Pino