[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] XCP anti-spoofing help

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: "Matthew Law" <matt@xxxxxxxxxxxxxxxxxx>
Date: Thu, 22 Apr 2010 15:09:58 +0100
Delivery-date: Thu, 22 Apr 2010 07:11:26 -0700
Importance: Normal
List-id: Xen user discussion <xen-users.lists.xensource.com>

We don't trust our domU users.  Traditionally we have used bridged
networking and implemented anti-spoofing in xen by means of iptables and
ebtables.

After playing more with XCP we really like it and would like to switch to
XCP eventually.  However, we need to ensure an equally bullet proof ipv4
and ipv6 anti-spoofing setup to what we currently have in Xen 3.4.

Shouldn't we be able to achieve the same by assigning each domU a virtual
trunk port and vlan in openvswitch?  This would also work across dom0's
no?

I haven't tried this yet as the box I've been using to play with XCP is on
a cheap switch which doesn't support vlan trunking etc.  Has anyone any
input into this? - segregating the network traffic of untrusted users will
be a big deal for us.


Thanks,

Matt.


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Prev by Date: [Xen-users] activate eth1 on domU without restarting
Next by Date: [Xen-users] [XCP] - bootloader error
Previous by thread: [Xen-users] activate eth1 on domU without restarting
Next by thread: [Xen-users] [XCP] - bootloader error
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.