From: Avi Kivity <avi@redhat.com>
To: Robert Rebstock <rebstock@scienceworks.com>
Cc: kvm@vger.kernel.org
Subject: Re: guest MAC-address isolation
Date: Wed, 25 Aug 2010 13:30:25 +0300
Message-ID: <4C74F0C1.6070106@redhat.com>
In-Reply-To: <1798815715.138.1282326482123.JavaMail.root@mail>
On 08/20/2010 08:48 PM, Robert Rebstock wrote:
> Hello.
> Thank you for your answer.
>
>> ----- Original Message -----
>> From: "Avi Kivity"<avi@redhat.com>
>> To: "Robert Rebstock"<rebstock@scienceworks.com>
>> Cc: kvm@vger.kernel.org
>> Sent: Tuesday, August 17, 2010 11:36:41 AM
>> Subject: Re: guest MAC-address isolation
>>
>> On 08/06/2010 08:09 PM, Robert Rebstock wrote:
>>> Hello all,
>>>
>>> can anyone recommend a better way to achieve (guest agnostic) MAC-address
>>> isolation in qemu/kvm than with user-mode networking?
>>>
>>> I have multiple guests requiring the same MAC-address, and user-mode/slirp
>>> networking is quite slow.
>>>
>> You can put the different guests on different bridges, and use IP
>> routing to connect the two bridges; or you can use ebtables to mangle
>> the MAC addresses.
>>
> Could you possibly give me an example? Unfortunately my networking skills are not the best,
> which is not to say that I don't try. The best I can do, after reading the
> documentation I could find, is:
>
> ebtables -t nat -A PREROUTING -d 00:11:11:11:11:11 -j dnat --to-dest 00:01:23:45:67:89 --dnat-target ACCEPT
> ebtables -t nat -A POSTROUTING -s 00:01:23:45:67:89 -j snat --to-src 00:11:11:11:11:11 --snat-arp --snat-target ACCEPT
>
> but I can see no way to mangle multiple identical MACs so as to achieve layer-2
> isolation for my snapshotted VMs.
>
You could use --in-interface to select packets based on which guest they
originated from (for snat).
--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.