Re: guest MAC-address isolation

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Robert Rebstock <rebstock@scienceworks.com>
To: unlisted-recipients:; (no To-header on input)
Cc: kvm@vger.kernel.org
Subject: Re: guest MAC-address isolation
Date: Fri, 20 Aug 2010 17:48:02 +0000 (UTC)	[thread overview]
Message-ID: <1798815715.138.1282326482123.JavaMail.root@mail> (raw)
In-Reply-To: <4C6A5829.8070101@redhat.com>

Hello.
Thank you for your answer.

> ----- Original Message -----
> From: "Avi Kivity" <avi@redhat.com>
> To: "Robert Rebstock" <rebstock@scienceworks.com>
> Cc: kvm@vger.kernel.org
> Sent: Tuesday, August 17, 2010 11:36:41 AM
> Subject: Re: guest MAC-address isolation
> 
>   On 08/06/2010 08:09 PM, Robert Rebstock wrote:
> > Hello all,
> >
> > can anyone recommend a better way to achieve (guest agnostic) MAC-address
> > isolation in qemu/kvm then with user-mode networking?
> >
> > I have multiple guests requiring the same MAC-address, and user-mode/slirp
> > networking is quite slow.
> >
> 
> You can put the different guests on different bridges, and use IP 
> routing to connect the two bridges; or you can use ebtables to mangle 
> the MAC addresses.
> 

Could you possibly give me an example? Unfortunately my networking skills are not the best,
which is not to say that I don't try. The best I can do, after reading the
documentation I could find, is:

ebtables -t nat -A PREROUTING  -d 00:11:11:11:11:11 -j dnat --to-dest 00:01:23:45:67:89 --dnat-target ACCEPT
ebtables -t nat -A POSTROUTING -s 00:01:23:45:67:89 -j snat --to-src 00:11:11:11:11:11 --snat-arp --snat-target ACCEPT

but I can see no way to mangle multiple identical MACs so as to achieve layer-2
isolation for my snapshotted VMs.

Many thanks,

RR

next prev parent reply	other threads:[~2010-08-20 17:49 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <23005102.41431232840956986.JavaMail.root@mail>
2009-01-24 23:56 ` guest MAC-address isolation Robert Rebstock
2010-08-06 17:09   ` Robert Rebstock
2010-08-17  9:36     ` Avi Kivity
2010-08-20 17:48       ` Robert Rebstock [this message]
2010-08-25 10:30         ` Avi Kivity
2009-01-25  0:39 Robert Rebstock

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1798815715.138.1282326482123.JavaMail.root@mail \
    --to=rebstock@scienceworks.com \
    --cc=kvm@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.