Hi Folks, I set up a VM to access its network via a tap connected to an OVS datapath (the tap is added as a 'system' port). In my system the VM's network is virtual - isolated from other VMs and from the host OS. Yet, the VM still receives some packets from the host OS (e.g. ICMP6) and this breaks the VM's network's isolation.
Fixing it is not difficult (I know of iptables or sysctl approaches) but each packet type needs to be dealt with separately. I was wondering if anyone else has run into this problem and has more clever solutions.

Also, could someone shed some light on whether it would be possible for OVS to signal to the host OS that the OS should not transmit any packets from OVS's 'system' ports?

Thanks and cheers,
Pino
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev