VM can see traffic of other VM?

SanderM

Oct 21, 2016
I'm running Proxmox 4.4 with openvswitch 2.6.0.

I just discovered that one VM, which was a clean Linux install, running no services, is seeing about 2mbyte/s of incoming traffic according to the Proxmox VM graph. So I installed a network sniffer in this VM and it can see a lot of traffic caused by other VMs.

How can I isolate each VM so that one VM cannot sniff the traffic of another VM? I also do not understand why this VM can see the traffic anyway. Isn't a switch (openvswitch is a switch, right?) supposed to only forward packets that actually belong to the MAC address of this VM?

Any explanation on what's happening here would be appreciated. And any idea how to fix this?

Thanks
 
Nobody?


So I created a new test setup with one Proxmox box and 3 VMs. All VMs have a single public IP address.
It's using openvswitch with ovs_port eth0. eth0 is physically connected to the switch for internet uplink.

VM1 sends a lot of traffic to VM2.
VM3 has nothing to do with VM1 or VM2, but "tcpdump -XX -i eth0" shows A LOT of traffic that's actually meant for VM2 (coming from VM1).

Why is VM3 receiving this traffic? All 3 VMs are connected to a switch (openvswitch) which shouldn't be sending packets that are not meant for the MAC address of VM3 .. Right?

Or am I missing something.
 
I've never used openvswitch, but in "ordinary" bridge mode, this is not the case at all. Maybe some misconfiguration on the openvswitch side?
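
The forwarding behaviour the question in this thread turns on, as an added example that is not from any poster and not Open vSwitch code: a model of a generic MAC-learning switch, showing that a frame for a learned MAC leaves one port while a frame for an unlearned or aged-out MAC is flooded to every other port. The port names, MAC addresses and the 300-second ageing time are constructed assumptions, and the model is not a diagnosis of the setup described above.

```python
# Added example: generic MAC-learning switch model (not Open vSwitch code).
# Port names, MAC addresses and the ageing time are constructed for illustration.

class LearningSwitch:
    def __init__(self, ports, max_age=300):
        self.ports = set(ports)
        self.max_age = max_age          # seconds before a learned entry expires
        self.fdb = {}                   # MAC -> (port, time last seen as source)

    def receive(self, in_port, src, dst, now):
        """Process one frame; return the sorted list of ports it is sent out of."""
        self.fdb[src] = (in_port, now)  # learn or refresh the source address
        entry = self.fdb.get(dst)
        if entry and now - entry[1] <= self.max_age:
            out_port = entry[0]
            # Known destination: deliver to exactly one port (or drop if same port)
            return [] if out_port == in_port else [out_port]
        # Unknown or expired destination: flood to every port except the ingress
        self.fdb.pop(dst, None)
        return sorted(self.ports - {in_port})

VM1, VM2, VM3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"

def demo():
    sw = LearningSwitch(["tap1", "tap2", "tap3", "eth0"], max_age=300)
    results = {}
    # VM2 has not sent anything yet, so its MAC is unknown: the frame is flooded
    # and the port of VM3 (tap3) receives a copy.
    results["unknown_dst"] = sw.receive("tap1", VM1, VM2, now=0)
    # VM2 replies; the switch learns VM2 on tap2 and already knows VM1 on tap1.
    results["reply"] = sw.receive("tap2", VM2, VM1, now=1)
    # Now VM1 -> VM2 is delivered to tap2 only; tap3 sees nothing.
    results["learned_dst"] = sw.receive("tap1", VM1, VM2, now=2)
    # If VM2 stays silent longer than max_age, its entry expires and
    # frames addressed to it are flooded again.
    results["aged_out"] = sw.receive("tap1", VM1, VM2, now=400)
    return results

if __name__ == "__main__":
    for case, ports in demo().items():
        print(f"{case:12s} -> {ports}")
```

On an Open vSwitch host, `ovs-appctl fdb/show <bridge>` prints the learned MAC table, which shows whether the destination VM's address is present on the expected port.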
 
