[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Secure VLANs

On 05/01/11 21:40, Javier Guerra Giraldez wrote:
On Tue, Jan 4, 2011 at 5:58 AM, Jonathan Tripathy<jonnyt@xxxxxxxxxxx>  wrote:
Can someone please give me some tips on how to set up a Xen system with
VLANs in such a way that VLAN hopping by DomUs isn't possible?

I have tagged frames coming from my switch into my Dom0.
set a soft bridge for each VLAN on Dom0 and add each DomU interface to
only the respective bridge.

Don't present the physical interface to the DomUs

I had this method in my head however I wasn't sure if it is "secure". Using the above simple method, is there *no way* that a customer could "VLAN Hop" by double tagging or anything else?

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.