Hi there, Thanks to fix xvm with snv_133 this is now rocks. Now I have things to do : - first protect user to stuff like this : http://www.standingonthebrink.com/index.php/ipv6-ipv4-and-arp-on-xen-for-vps/, eg ARP poisoning etc... - seconds, to protect that, I''d like to give a /32 (IPv4) to each VM and do somewhat CPE <-> LNS between VM and dom0 and then some routing like OSPF to reinject this into my IGP. For bridged system is there a way to do some port security in crossbow, eg allow one IP/ARP (or more eventually) per VM, avoid any promisc function inside the VM, and also avoid ARP spoofing, and lots of bloody anoyance that people can do ? Thanks ! -- Xavier Beaudouin - xb@soprive.net GPG Fingerprints : A6B2 D563 F93B A3AF C08A CBAC 6BC6 79EB DCC9 9867
Xavier Beaudouin
2010-Feb-26 12:48 UTC
Re: xvm / crossbow / isolation and protection of VM
Hi David, Le 26 févr. 2010 à 10:44, David Edmondson a écrit :> On Fri, 26 Feb 2010 10:36:56 +0100, Xavier Beaudouin <xb@soprive.net> wrote: >> For bridged system is there a way to do some port security in >> crossbow, eg allow one IP/ARP (or more eventually) per VM, avoid any >> promisc function inside the VM, and also avoid ARP spoofing, and lots >> of bloody anoyance that people can do ? > > Link protection can do some of what you ask. It was integrated in > October of last year: > > http://hub.opensolaris.org/bin/view/Community+Group+on/2009100701Great ! This is exactly what I need :) Xavier -- Xavier Beaudouin - xb@soprive.net GPG Fingerprints : A6B2 D563 F93B A3AF C08A CBAC 6BC6 79EB DCC9 9867