Greetings,
I have the following issue. As a virtualization platform we use RHEL KVM and we'd like to leverage multitenancy design. We have one NIC which is plugged to a TOR switchs. On TOR's side the switchportport configuration for this KVM host is 802.1Q trunk. On Linux we add physical NIC to a bridge and created multiple virtual interfaces for our guest VMs in that bridge. On each guest VM we configure 802.1Q subinterface to access a particular L2 domain. The problem is that we provide these VMs to our customers with a full root access and if they change its virtual NIC VLAN settings, they will access the other customers traffic which is security violation.
How can I configure on KVM hypervisor side which VLAN to which particular VM NIC is attached, thus prevention a guest VM misconfiguration? Should I use a virt. switch instead of bridge? Thank you.
- D
I have the following issue. As a virtualization platform we use RHEL KVM and we'd like to leverage multitenancy design. We have one NIC which is plugged to a TOR switchs. On TOR's side the switchportport configuration for this KVM host is 802.1Q trunk. On Linux we add physical NIC to a bridge and created multiple virtual interfaces for our guest VMs in that bridge. On each guest VM we configure 802.1Q subinterface to access a particular L2 domain. The problem is that we provide these VMs to our customers with a full root access and if they change its virtual NIC VLAN settings, they will access the other customers traffic which is security violation.
How can I configure on KVM hypervisor side which VLAN to which particular VM NIC is attached, thus prevention a guest VM misconfiguration? Should I use a virt. switch instead of bridge? Thank you.
- D
