mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 13:45:38 +00:00
docs: document port isolated property in domain/network/networkport
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
parent
9033104939
commit
366ceeec4b
@ -6539,6 +6539,37 @@ qemu-kvm -net nic,model=? /dev/null
|
|||||||
traffic for that VLAN will be tagged.
|
traffic for that VLAN will be tagged.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
<h5><a id="elementPort">Isolating guests's network traffic from each other</a></h5>
|
||||||
|
|
||||||
|
<pre>
|
||||||
|
...
|
||||||
|
<devices>
|
||||||
|
<interface type='network'>
|
||||||
|
<source network='default'/>
|
||||||
|
<b><port isolated='yes'/></b>
|
||||||
|
</interface>
|
||||||
|
</devices>
|
||||||
|
...</pre>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<span class="since">Since 6.1.0.</span> The <code>port</code>
|
||||||
|
element property <code>isolated</code>, when set
|
||||||
|
to <code>yes</code> (default setting is <code>no</code>) is used
|
||||||
|
to isolate this interface's network traffic from that of other
|
||||||
|
guest interfaces connected to the same network that also
|
||||||
|
have <code><port isolated='yes'/></code>. This setting is
|
||||||
|
only supported for emulated interface devices that use a
|
||||||
|
standard tap device to connect to the network via a Linux host
|
||||||
|
bridge. This property can be inherited from a libvirt network,
|
||||||
|
so if all guests that will be connected to the network should be
|
||||||
|
isolated, it is better to put the setting in the network
|
||||||
|
configuration. (NB: this only prevents guests that
|
||||||
|
have <code>isolated='yes'</code> from communicating with each
|
||||||
|
other; if there is a guest on the same bridge that doesn't
|
||||||
|
have <code>isolated='yes'</code>, even the isolated guests will
|
||||||
|
be able to communicate with it.)
|
||||||
|
</p>
|
||||||
|
|
||||||
<h5><a id="elementLink">Modifying virtual link state</a></h5>
|
<h5><a id="elementLink">Modifying virtual link state</a></h5>
|
||||||
<pre>
|
<pre>
|
||||||
...
|
...
|
||||||
|
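Review bot: The closing parenthetical of the new paragraph ("NB: this only prevents guests that have isolated='yes' from communicating with each other") is the statement that decides whether the setting can be relied on, so it should be a sentence of its own rather than an aside; a reader who stops at "isolate this interface's network traffic" will assume more than is delivered. The paragraph also does not say whether traffic to the host or to destinations beyond the network is affected, which the network-format text in this same commit does state ("it does not have an effect on communication between the guests and the host"); repeating that here would keep the two descriptions consistent. Minor: the heading reads "guests's", which should be "guests'".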
@ -729,6 +729,31 @@
|
|||||||
or <code><interface></code>.
|
or <code><interface></code>.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
<h5><a id="elementPort">Isolating ports from one another</a></h5>
|
||||||
|
|
||||||
|
<pre>
|
||||||
|
<network>
|
||||||
|
<name>isolated-ports</name>
|
||||||
|
<forward mode='bridge'/>
|
||||||
|
<bridge name='br0'/>
|
||||||
|
<port isolated='yes'/>
|
||||||
|
</network>
|
||||||
|
</pre>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<span class="since">Since 6.1.0.</span> The <code>port</code>
|
||||||
|
element property <code>isolated</code>, when set
|
||||||
|
to <code>yes</code> (default setting is <code>no</code>) is used
|
||||||
|
to isolate the network traffic of each guest on the network from
|
||||||
|
all other guests connected to the network; it does not have an
|
||||||
|
effect on communication between the guests and the host, or
|
||||||
|
between the guests and destinations beyond this network. This
|
||||||
|
setting is only supported for networks that use a Linux host
|
||||||
|
bridge to connect guest interfaces via a standard tap device
|
||||||
|
(i.e. those with a forward mode of nat, route, open, bridge, or
|
||||||
|
no forward mode).
|
||||||
|
</p>
|
||||||
|
|
||||||
<h5><a id="elementsPortgroup">Portgroups</a></h5>
|
<h5><a id="elementsPortgroup">Portgroups</a></h5>
|
||||||
|
|
||||||
<pre>
|
<pre>
|
||||||
|
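Review bot: "all other guests connected to the network" in the new paragraph promises more than the domain-format text in this commit, which limits isolation to interfaces that also have isolated='yes' and warns that a guest on the same bridge without it stays reachable. Please carry that caveat into this paragraph, since the example attaches to an existing bridge (bridge name='br0') where such a guest could be present. The domain text also says the property "can be inherited from a libvirt network"; this section should state which value wins when an interface sets isolated itself, so an administrator knows whether a single interface can opt out of the network-wide setting.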
@ -84,6 +84,7 @@
|
|||||||
<outbound average='128' peak='256' burst='256'/>
|
<outbound average='128' peak='256' burst='256'/>
|
||||||
</bandwidth>
|
</bandwidth>
|
||||||
<rxfilters trustGuest='yes'/>
|
<rxfilters trustGuest='yes'/>
|
||||||
|
<port isolated='yes'/>
|
||||||
<virtualport type='802.1Qbg'>
|
<virtualport type='802.1Qbg'>
|
||||||
<parameters managerid='11' typeid='1193047' typeidversion='2'/>
|
<parameters managerid='11' typeid='1193047' typeidversion='2'/>
|
||||||
</virtualport>
|
</virtualport>
|
||||||
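Review bot: The added port isolated='yes' line sits directly above a virtualport type='802.1Qbg' block, while the description added for this element later in the commit limits the setting to "emulated network devices connected to a Linux host bridge via a standard tap device". If a port carrying an 802.1Qbg virtualport is not such a connection, the example now shows a combination the text calls unsupported. Either note that the example lists the available elements rather than a working configuration, or show the port element in an example that uses a host bridge.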
@ -110,6 +111,16 @@
|
|||||||
only supported for the virtio device model and for macvtap
|
only supported for the virtio device model and for macvtap
|
||||||
connections on the host.
|
connections on the host.
|
||||||
</dd>
|
</dd>
|
||||||
|
<dt><code>port</code></dt>
|
||||||
|
<dd> <span class="since">Since 6.1.0.</span>
|
||||||
|
The <code>port</code> element property
|
||||||
|
<code>isolated</code>, when set to <code>yes</code> (default
|
||||||
|
setting is <code>no</code>) is used to isolate this port's
|
||||||
|
network traffic from other ports on the same network that also
|
||||||
|
have <code><port isolated='yes'/></code>. This setting
|
||||||
|
is only supported for emulated network devices connected to a
|
||||||
|
Linux host bridge via a standard tap device.
|
||||||
|
</dd>
|
||||||
<dt><code>virtualport</code></dt>
|
<dt><code>virtualport</code></dt>
|
||||||
<dd>The <code>virtualport</code> element describes metadata that
|
<dd>The <code>virtualport</code> element describes metadata that
|
||||||
needs to be provided to the underlying network subsystem. It
|
needs to be provided to the underlying network subsystem. It
|
||||||
|
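Review bot: The new dd for port says the setting "is only supported for" tap devices on a Linux host bridge but not what happens on any other connection type. Please state whether isolated='yes' is rejected with an error or ignored in that case, because a reader auditing the XML will otherwise take the flag as proof of isolation. The entry should also say, as the domain-format text does, that isolation applies only between ports that both have isolated='yes'; the phrase "that also have" carries that meaning here but is easy to read past.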