[ovs-discuss] VM isolation with OVS on XCP

Matthew Law matt at webcontracts.co.uk
Wed Apr 28 23:01:33 UTC 2010


Hi,

I've joined the list in the hope that someone might be able to answer a
couple of questions I have regarding OVS in conjunction with Xen Cloud
Platform.

With previous versions of Xen using the conventional linux bridging
support we have had to take some steps to prevent untrusted domUs from
spoofing IP addresses.  In the past we have done this with iptables and
ebtables rules added at the point that we create the virtual interface and
attach it to the bridge.  Does the default OVS setup in XCP prevent domUs
from seeing traffic not intended for them?

Also, is there any way to ensure DHCP requests from booting domUs are
answered by the appropriate DHCP server and not a domU?


Thanks in advance,

Matt.





More information about the discuss mailing list