This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [SPAM] Re: [Xen-users] Re: number of ips

Now I see. It sounds like this really isn't a Xen question - that its the familiar "duplicate IP address" error we get when a user manually sets an IP address that has been assigned by a DHCP server

So here's the thing. What makes this issue worth spending any time trying to fix?

Sure, with sufficient creativity, we could engineer something that fixes this
The effort is probably more than 10x the value

Why not simply assume most people are reasonable and then deal with the exceptions as they arise?

If, of course, you are a sysadmin in a Federal Prison it might be different ...


On Apr 11, 2009, at 7:05 PM, Anand Gupta wrote:

Hi Peter,

On Sun, Apr 12, 2009 at 1:04 AM, Peter Booth <peter_booth@xxxxxxx> wrote:
I'm a little puzzled by this. My starting point is that I can sometimes use technology to protect against foolishness but it's much harder to protect against malice.

I believe that the xen 3 limit is 3 vifs per VM. So if you create all three, with one bridge mode with an asugned ip and thee two private networks, what can user do thru ignorance or malice to break this?
1. They can reconfigure their "real IP" do a diff value on the subnet and presumably well see an error on both devices that are trying to use the VM
2. What happens if they create virtual devices based on their "real" device? Can they bind these to different IPs on the subnet?

Is there any reason to expect they would do this? Can you fire your users if they are malicious? This seems as much a human issue as a technical one.

Not always you can fire them. Imagine a situation wherein you are the dom0 administrator and all your domU are customers who manage their own domU. Now you have assigned ips to them, and one of them tries to bind a different ip as against to what was assigned to it. I am just trying to find a way to stop that from happening.


Anand Gupta
Xen-users mailing list

Xen-users mailing list