Great - the rules work a lot better after running ovs-vsctl del-controller
xapi5 ;-)
It looks like everything works now.
The rules for the XCP VMs to prevent mac/ip spoofing (although allowing
dhcp) are then:
/usr/bin/ovs-ofctl add-flow xapi5 "in_port=15 priority=39500 dl_type=udp
tp_dst=67 dl_sr
On May 5, 2011, at 4:03 AM, Kristoffer Egefelt wrote:
> From the pool master I get:
>
> #ovs-vsctl get-controller xapi5
> ssl:10.10.3.250:6633
>
> Probably because I tried the Citrix controller at some point - should it work
> if I delete it with:
>
> #ovs-vsctl del-controller xapi5
>
> is i
From the pool master I get:
#ovs-vsctl get-controller xapi5
ssl:10.10.3.250:6633
Probably because I tried the Citrix controller at some point - should it
work if I delete it with:
#ovs-vsctl del-controller xapi5
is it safe?
Running:
ovs-vsctl get-fail-mode xapi5
returns nothing...
Thanks
On
I think Ben is suggesting that you may have a controller configured, even if
you're not running one. Do you see anything when you run the following?
ovs-vsctl get-controller xapi5
I don't know that the behavior changed, but you can change the fail mode to not
"fail open" by running the
Ah, that could be the problem.
I don't have a controller - I think the fail-open default changed from xcp
0.5 to 1.0.
Anybody using a controller for xcp/xenserver which is pool-aware and capable
of setting up antispoofing rules? Any ideas or suggestions would be
appreciated.
Thanks :-)
Regards
K
Hi Kristoffer,
Are you receive
I checked my environment for your issue.
I think your ovs-ofctl flow doesn't receive a response from itself.
In your situation
1. ARP function
Arp request; from a6:1e:29:3d:69:51 to FF:FF:FF:FF:FF:FF <= "Permit"
Arp reply; from MAC of target to a6:1e:29:3d:69:51 <=
On Mon, May 02, 2011 at 01:43:36PM +0200, Kristoffer Egefelt wrote:
> I'm trying to add rules to ovs to prevent virtual machines stealing ip
> addresses from each other.
> Using XCP, based on XENSERVER 5.6fp1 with ovs version 1.0.2.
Your setup looks OK to me. I see that none of your rules have an
Hi list,
I'm trying to add rules to ovs to prevent virtual machines stealing ip
addresses from each other.
Using XCP, based on XENSERVER 5.6fp1 with ovs version 1.0.2.
xapi5 is the switch.
port 5 (xapi13) is vlan8
port 8 (vif53.0) is the virtual machine I'm trying to lock down, with
ip: 10.10.8.7