[CentOS-virt] Network isolation for KVM guests

Thu Mar 30 17:15:28 UTC 2017
Nux! <nux at li.nux.ro>

Use libvirt with mac/ip spoofing enabled.

https://libvirt.org/formatnwfilter.html

https://libvirt.org/firewall.html

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "C. L. Martinez" <carlopmart at gmail.com>
> To: centos-virt at centos.org
> Sent: Thursday, 30 March, 2017 15:06:58
> Subject: [CentOS-virt] Network isolation for KVM guests

> Hi all,
> 
> What options exists under CentOS hosts to work with isolated networks?. For
> example, on BSD systems it is really trivial. In FreeBSD you can use setfib
> tools and on OpenBSD it is possible to use rdomain options. In 30 secs it is
> possible to work with isolated networks and assign process, ip address and
> routes (hidden from the main route table and ip addresses), etc.
> 
> But I can't find a similar solution for CentOS environments. I have found two
> similar options:
> 
> a/ Network namespaces (but doesn't provides a real network isolation)
> b/ VRF (but it is supported only for kernels 4.8 and up)
> 
> Any ideas?
> 
> Thanks.
> 
> --
> Greetings,
> C. L. Martinez
> _______________________________________________
> CentOS-virt mailing list
> CentOS-virt at centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt