[openstack-dev] [Neutron] ARP spoofing in VLAN aware VMs

Bence Romsics bence.romsics at gmail.com
Fri Oct 7 13:31:41 UTC 2016


Hi Kuba,

On Fri, Sep 30, 2016 at 3:38 PM, Jakub Libosvar <jlibosva at redhat.com> wrote:
> The issue was with subports having different MAC addresses
> than MAC address of the parent port. Packets leaving virtual instance via
> VLAN interfaces (e.g. eth0.1) have always source MAC address of VLAN parent
> interface (e.g. eth0).

Despite that being the default behavior, do you consider that valid
use? I mean I would consider either (a) valid or (b) valid, but not
their combinations:

(a)
create port0
create port1 with same mac
create trunk with parent port0 and subport port1
boot instance with port0
bring up subport vlan interfaces only specifying vlan ids

(b)
create port0
create port1 with autoallocated (almost always different) mac
create trunk with parent port0 and subport port1
boot instance with port0
bring up subport vlan interfaces specifying vlan ids *and mac addresses*

Cheers,
Bence

P.S. To be more specific, please see the beginning of this CLI
example: https://wiki.openstack.org/wiki/Neutron/TrunkPort#CLI_usage_example


