WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

[Xen-users] XCP anti-spoofing help

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] XCP anti-spoofing help
From: "Matthew Law" <matt@xxxxxxxxxxxxxxxxxx>
Date: Thu, 22 Apr 2010 15:09:58 +0100

We don't trust our domU users.  Traditionally we have used bridged
networking and implemented anti-spoofing in Xen by means of iptables and
ebtables.

After playing more with XCP we really like it and would like to switch to
XCP eventually.  However, we need to ensure an equally bulletproof IPv4
and IPv6 anti-spoofing setup to what we currently have in Xen 3.4.

Shouldn't we be able to achieve the same by assigning each domU a virtual
trunk port and VLAN in Open vSwitch?  This would also work across dom0s,
no?

I haven't tried this yet as the box I've been using to play with XCP is on
a cheap switch which doesn't support VLAN trunking, etc.  Has anyone any
input into this? Segregating the network traffic of untrusted users will
be a big deal for us.


Thanks,

Matt.

