Uploaded image for project: 'XenServer Org'
  1. XenServer Org
  2. XSO-899

DVS Controller + vif-locking-mode=locked

    Details

    • Type: Enquiry
    • Status: To Do (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 7.5
    • Fix Version/s: None
    • Component/s: Networking
    • Labels:
      None
    • Environment:

      I have XenServer 7.1 pool.

       

      While deploying new VM I'm setting such params over XAPI

      vif-locking-mode=locked

      ipv4-allowed=x.x.x.x

      Description

      I faced with problem of rogue DHCP server, that gives to VMs wrong IP addresses.

      I found only one solution for XenServer to prevent rogue DHCP server.

      It is DVS Controller.

       

      I deployed DVS Controller from Xenserver 7.5 and set policy to block rogue DHCP server.

      Now it is all OK with DHCP, but now I can not set vif-locking-mode=locked because of error

      "You attempted an operation that was not allowed.
      reason: A vswitch controller is active"

      At same time I can set any other "vif-locking-mode" type (unlocked,disabled,networ-default), but not "locked".....

      So, the question is how to set vif-locking-mode=locked to prevent IP spoofing while DVS Controller is active?!

      I cannot find any infomation about this situation at oficial docs.

       

      Thank you,

      Sergey

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              padpn Sergey
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: