VM can see traffic of other VM?

SanderM

Member
Oct 21, 2016
I'm running Proxmox 4.4 with openvswitch 2.6.0.

I just discovered that one VM, which was a clean Linux install, running no services, is seeing about 2mbyte/s of incoming traffic according to the Proxmox VM graph. So I installed a network sniffer in this VM and it can see a lot of traffic caused by other VMs.

How can I isolate each VM so that one VM cannot sniff traffic of another VM? I also do not understand why this VM can see the traffic anyway. Isn't a switch (openvswitch is a switch, right?) supposed to only forward packets that actually belong to the MAC address of this VM?

Any explanation on what's happening here would be appreciated. And any idea how to fix this?

Thanks
 
Nobody?


So I created a new test setup with one Proxmox box and 3 VMs. All VMs have a single public IP address.
It's using openvswitch with ovs_port eth0. eth0 is physically connected to the switch for internet uplink.

VM1 sends a lot of traffic to VM2.
VM3 has nothing to do with VM1 or VM2 but "tcpdump -XX -i eth0" shows A LOT of traffic that's actually meant for VM2 (coming from VM1).

Why is VM3 receiving this traffic? All 3 VMs are connected to a switch (openvswitch) which shouldn't be sending packets that are not meant for the MAC address of VM3 ... right?

Or am I missing something?
 
I've never used openvswitch, but in "ordinary" bridge mode, this is not the case at all. Maybe some misconfiguration on the openvswitch side?
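
A diagnostic for the test setup described above, added here as an example and not posted by anyone in the thread: a learning switch delivers a unicast frame to a single port only when the destination MAC is in its forwarding table, and floods it to all ports otherwise, so checking whether VM2's MAC is listed in the output of `ovs-appctl fdb/show` separates flooding from a mirroring or configuration problem. The bridge name `vmbr0`, the MAC addresses and the port numbers are assumptions made up for the sample.

```shell
#!/bin/sh
# Constructed sample in the column layout printed by `ovs-appctl fdb/show <bridge>`.
# MACs and port numbers are invented; VM2's MAC (…:02) is deliberately absent.
SAMPLE_FDB=' port  VLAN  MAC                Age
    1     0  52:54:00:aa:00:01    2
    3     0  52:54:00:aa:00:03   11'

# fdb_lookup MAC
# Reads an fdb/show table on stdin. Prints the port the MAC was learned on
# and returns 0; prints nothing and returns 1 when the MAC is not in the table.
fdb_lookup() {
    fl_mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    awk -v mac="$fl_mac" '
        NR > 1 && tolower($3) == mac { print $1; found = 1; exit }
        END { exit(found ? 0 : 1) }
    '
}

# classify MAC
# Reads an fdb/show table on stdin and states how a learning switch
# handles unicast frames addressed to MAC.
classify() {
    if cl_port=$(fdb_lookup "$1"); then
        echo "learned on port $cl_port: delivered to that port only"
    else
        echo "not learned: flooded to every port in the VLAN"
    fi
}

# Demo on the constructed table. On a real host (bridge name assumed):
#   ovs-appctl fdb/show vmbr0 | classify <MAC of VM2>
printf '%s\n' "$SAMPLE_FDB" | classify 52:54:00:aa:00:02
printf '%s\n' "$SAMPLE_FDB" | classify 52:54:00:AA:00:03
```

If the destination MAC is learned and another VM still receives the frames, the table is not the explanation and the port and mirror configuration of the bridge is the next thing to inspect.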