From mboxrd@z Thu Jan 1 00:00:00 1970
From: Robert Rebstock
Subject: Re: guest MAC-address isolation
Date: Fri, 20 Aug 2010 17:48:02 +0000 (UTC)
Message-ID: <1798815715.138.1282326482123.JavaMail.root@mail>
References: <4C6A5829.8070101@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: kvm@vger.kernel.org
To: unlisted-recipients:; (no To-header on input)
Return-path:
Received: from mail.w33-berlin.de ([83.236.226.202]:56440 "EHLO mail.w33-berlin.de" rhost-flags-OK-OK-OK-OK)
 by vger.kernel.org with ESMTP id S1751734Ab0HTRtJ (ORCPT );
 Fri, 20 Aug 2010 13:49:09 -0400
In-Reply-To: <4C6A5829.8070101@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

Hello.

Thank you for your answer.

> ----- Original Message -----
> From: "Avi Kivity"
> To: "Robert Rebstock"
> Cc: kvm@vger.kernel.org
> Sent: Tuesday, August 17, 2010 11:36:41 AM
> Subject: Re: guest MAC-address isolation
>
> On 08/06/2010 08:09 PM, Robert Rebstock wrote:
> > Hello all,
> >
> > can anyone recommend a better way to achieve (guest agnostic) MAC-address
> > isolation in qemu/kvm than with user-mode networking?
> >
> > I have multiple guests requiring the same MAC-address, and user-mode/slirp
> > networking is quite slow.
> >
>
> You can put the different guests on different bridges, and use IP
> routing to connect the two bridges; or you can use ebtables to mangle
> the MAC addresses.
>

Could you possibly give me an example?

Unfortunately my networking skills are not the best, which is not to say that I don't try.

The best I can do, after reading the documentation I could find, is:

ebtables -t nat -A PREROUTING -d 00:11:11:11:11:11 -j dnat --to-dest 00:01:23:45:67:89 --dnat-target ACCEPT
ebtables -t nat -A POSTROUTING -s 00:01:23:45:67:89 -j snat --to-src 00:11:11:11:11:11 --snat-arp --snat-target ACCEPT

but I can see no way to mangle multiple identical MACs so as to achieve layer-2 isolation for my snapshotted VMs.

Many thanks,
RR