WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-users

[Top] [All Lists]

Re: [Xen-users] Secure VLANs

from [Jonathan Tripathy]

[Permanent Link][Original]

To:	Javier Guerra Giraldez <javier@xxxxxxxxxxx>
Subject:	Re: [Xen-users] Secure VLANs
From:	Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Date:	Wed, 05 Jan 2011 21:49:39 +0000
Cc:	Xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Wed, 05 Jan 2011 13:51:11 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<AANLkTinS28-aiPCVnP2909ai7veu_eT1hS8o8EJ6QC29@xxxxxxxxxxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<4D22FD70.4030307@xxxxxxxxxxx> <AANLkTinS28-aiPCVnP2909ai7veu_eT1hS8o8EJ6QC29@xxxxxxxxxxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6


On 05/01/11 21:40, Javier Guerra Giraldez wrote:

On Tue, Jan 4, 2011 at 5:58 AM, Jonathan Tripathy<jonnyt@xxxxxxxxxxx>  wrote:

Can someone please give me some tips on how to set up a Xen system with
VLANs in such a way that VLAN hopping by DomUs isn't possible?

I have tagged frames coming from my switch into my Dom0.

set a soft bridge for each VLAN on Dom0 and add each DomU interface to
only the respective bridge.

Don't present the physical interface to the DomUs

I had this method in my head however I wasn't sure if it is "secure".Using the above simple method, is there *no way* that a customer could"VLAN Hop" by double tagging or anything else?


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-users] Secure VLANs, Jonathan Tripathy Re: [Xen-users] Secure VLANs, Javier Guerra Giraldez Re: [Xen-users] Secure VLANs, Jonathan Tripathy <= Re: [Xen-users] Secure VLANs, Fajar A. Nugraha Re: [Xen-users] Secure VLANs, Jonathan Tripathy Re: [Xen-users] Secure VLANs, Javier Guerra Giraldez Re: [Xen-users] Secure VLANs, Jonathan Tripathy Re: [Xen-users] Secure VLANs, Javier Guerra Giraldez Re: [Xen-users] Secure VLANs, Fajar A. Nugraha Re: [Xen-users] Secure VLANs, Javier Guerra Giraldez Re: [Xen-users] Secure VLANs, Jonathan Tripathy Re: [Xen-users] Secure VLANs, Simon Hobson Re: [Xen-users] Secure VLANs, Fajar A. Nugraha

Previous by Date:	Re: [Xen-users] Secure VLANs, Javier Guerra Giraldez
Next by Date:	Re: [Xen-users] Secure VLANs, Fajar A. Nugraha
Previous by Thread:	Re: [Xen-users] Secure VLANs, Javier Guerra Giraldez
Next by Thread:	Re: [Xen-users] Secure VLANs, Fajar A. Nugraha
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix