xen-users
RE: [Xen-users] Xen with 'Routing' scripts
> Can we ensure that dom-U is not sending ethernet packets with
> fake destination mac addresses if we're using bridging?
Sure. Just add the appropriate netfilter or ebtables rules to
'vif-bridge'.
> How do we prevent a dom-U filling up our LAN with bogus
> ethernet addresses?
There's an example of a netfilter rule to prevent spoofing of bogus src
IP addrs.
> I guess we want to restrict the dom-U to IP packets with
> IP/MAC pairs that match previous ARP results. Can ebtables in
> dom-0 filter this accurately?
Sure. If you don't know all the rules at domain creation time you'll
probably need to cook up your own little daemon to add rules.
> Also, there will be more ARP'ing with bridging, since all the
> dom-U's will ARP independently (can we short-circuit ARP
> responses in dom-0?).
Why would you want to? It's hardly high bandwidth.
Ian
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
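The kind of ebtables rules the reply refers to, as an added example that is not part of the original message or of Xen's own vif-bridge script: it prints rules that pin one guest interface to a single MAC/IPv4 pair for both ARP and IP traffic. The function names, the chain naming scheme and the sample addresses are assumptions, and it assumes a statically addressed IPv4 guest.

```shell
#!/bin/sh
# Added example: emit ebtables rules binding a guest vif to one MAC/IPv4 pair.
# Helper names, the "antispoof-<vif>" chain name and the sample values are
# hypothetical; a vif-bridge hook could run the printed commands for each vif.

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

vif_antispoof_rules() {
    vif=$1 mac=$2 ip=$3
    # Reject anything that could smuggle extra shell words into the output.
    case $vif in
        ''|*[!A-Za-z0-9._-]*) echo "bad vif name: $vif" >&2; return 1 ;;
    esac
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    valid_ipv4 "$ip" || { echo "bad IPv4: $ip" >&2; return 1; }
    chain="antispoof-$vif"
    # Per-vif chain: allow ARP and IPv4 only when the Ethernet source, the
    # ARP sender fields and the IP source all match the assigned pair; drop
    # every other frame entering the bridge from this guest.
    cat <<EOF
ebtables -N $chain
ebtables -A $chain -p ARP -s $mac --arp-mac-src $mac --arp-ip-src $ip -j ACCEPT
ebtables -A $chain -p IPv4 -s $mac --ip-src $ip -j ACCEPT
ebtables -A $chain -j DROP
ebtables -A FORWARD -i $vif -j $chain
ebtables -A INPUT -i $vif -j $chain
EOF
}

# Constructed sample values (documentation IPv4 range, made-up MAC).
vif_antispoof_rules vif1.0 00:16:3e:12:34:56 192.0.2.10
```

The final DROP rule also discards DHCP requests sent from 0.0.0.0 and all IPv6 frames, so a guest that needs either requires an additional ACCEPT rule ahead of it.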