RE: [Xen-users] Xen with 'Routing' scripts

> Can we ensure that dom-U is not sending ethernet packets with 
> fake destination mac addresses if we're using bridging?

Sure. Just add the appropriate netfilter or ebtables rules to

> How do we prevent a dom-U filling up our LAN with bogus 
> ethernet addresses?

There's an example of a netfilter rule to prevent spoofing of bogus src
IP addrs.

> I guess we want to restrict the dom-U to IP packets with 
> IP/MAC pairs that match previous ARP results. Can ebtables in 
> dom-0 filter this accurately?

Sure. If you don't know all the rules at domain creation time you'll
probably need to cook up your own little daemon to add rules/

> Also, there will be more ARP'ing with bridging, since all the 
> dom-U's will ARP independently (can we short-circuit ARP 
> responses in dom-0?).

Why would you want to? It's hardly high bandwidth.
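
One way a helper such as the "little daemon" mentioned in the reply could generate the per-guest ebtables rules for dom-0. This is an added example, not part of the original thread. The interface name, MAC and IP address are constructed, and the guest is assumed to have one statically assigned IPv4 address.

```shell
#!/bin/sh
# Added example: print the dom-0 ebtables commands that pin one guest
# interface to a single MAC/IP pair. Review the output, then pipe it to sh
# as root to apply it.

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# antispoof_rules VIF MAC IP
# Rejects malformed input so nothing unexpected ends up in a rule line.
antispoof_rules() {
    vif=$1 mac=$2 ip=$3
    chain="in-$vif"                # hypothetical per-guest chain name
    case $vif in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $vif" >&2; return 1 ;;
    esac
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    valid_ip "$ip"   || { echo "bad IP: $ip" >&2; return 1; }
    # FORWARD sees frames bridged on to the LAN, INPUT sees frames for dom-0.
    # Only IPv4 and ARP carrying the assigned MAC/IP pair pass; every other
    # frame from this guest (other ethertypes included) hits the final DROP.
    cat <<EOF
ebtables -N $chain
ebtables -A FORWARD -i $vif -j $chain
ebtables -A INPUT -i $vif -j $chain
ebtables -A $chain -p IPv4 -s $mac --ip-src $ip -j ACCEPT
ebtables -A $chain -p ARP -s $mac --arp-mac-src $mac --arp-ip-src $ip -j ACCEPT
ebtables -A $chain -j DROP
EOF
}

# Constructed sample values.
antispoof_rules vif1.0 00:16:3e:00:00:01 192.0.2.10
```

A guest that obtains its address by DHCP would need an extra ACCEPT rule for its DHCP requests ahead of the final DROP.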


