On Fri, Nov 18, 2016 at 10:28 AM, MOUCHOIR David <[email protected]> wrote:
> That's what I understood
> I don't have problem configuring VLANs on nics and switches, I've already
> done many times
> What I said is
> If I have 3 VMs
> VM1 needs vlan1 and 2
> VM2 needs vlan3 and 4
> VM3 needs vlan5 and vlan6
>
> for security reason I don't want any of these VM to be able to "see"
> traffic of other VLAN
> I will need 3 interfaces, one per trunk
>
> Could Vswitch be the solution? It seems to be implemented in oVirt, but
> documentation looks very poor (or I didn't find the documentation ;) )
>

I'm not a security expert.
For sure, if you don't trust the sysadmin of the VMs' operating system, or if anyone has access to the virtual console so they could attach a live distro and so on... you had better have 3 different physical network adapters on your hypervisors and create on them
trunk for id 1 and 2 on first
trunk for id 3 and 4 on second
trunk for id 5 and 6 on third

But from a functionality point of view (and also segregation if you don't modify configuration of OS) you can have only one physical adapter on hypervisor, allow id 1, 2, 3, 4, 5, 6 on it and then configure
on VM1 OS configure ifcfg-eth0.1 and ifcfg-eth0.2 files
on VM2 OS configure ifcfg-eth0.3 and ifcfg-eth0.4 files
on VM3 OS configure ifcfg-eth0.5 and ifcfg-eth0.6 files

It depends on who manages oVirt infrastructure, network infrastructure and OS infrastructure and if they are different people...

I don't know if any virtualization vendor can provide the level of security you want using only one physical adapter...

Gianluca

