Can you create ACLs with Open vSwitch on XenServer 5.6 FP1 without using the DVS appliance?

vswitch xenserver

I have a pool of XenServer hosts running the Free version of XenServer 5.6 FP1. I was wondering whether, if I change the network backend to use Open vSwitch, I can specify ACLs on individual network VIFs without needing to use the DVS appliance (distributed virtual switch), which requires an Advanced License or higher.

Basically, I'm looking for a way to isolate VMs on my network so that if a user had root access on the command line, they couldn't access other servers they should not be able to (without using a VLAN).

Best Answer

Open vSwitch supports sFlow traffic monitoring, which you can use to detect suspicious activity and manage XenServer network and system performance. The ovs-* commands are used to configure the vSwitch; it looks like you can use ovs-ofctl to add ACLs.
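
One way to express per-VIF ACLs with ovs-ofctl, as an added example that is not part of the original answer: the function below prints the flow rules that pin one VIF to its own MAC and IP and to an allow-list of destinations. The function name `vif_acl`, the bridge `xenbr0`, the port number and all addresses are constructed assumptions, and the VM is assumed to use a static IPv4 address.

```shell
#!/bin/sh
# Added example: generate ovs-ofctl rules isolating one VIF (values are constructed).
# vif_acl BRIDGE OFPORT VM_MAC VM_IP ALLOWED_DST...
#   OFPORT is the VIF's OpenFlow port number as listed by `ovs-ofctl show BRIDGE`.
# The commands are printed, not executed, so they can be reviewed before
# being run on the host.
vif_acl() {
    [ "$#" -ge 5 ] || { echo "usage: vif_acl BRIDGE OFPORT MAC IP DST..." >&2; return 2; }
    # Refuse anything outside a conservative character set, since the
    # output is meant to be executed by a shell.
    for acl_arg in "$@"; do
        case $acl_arg in
            ''|*[!A-Za-z0-9.:/_-]*) echo "bad argument: $acl_arg" >&2; return 2 ;;
        esac
    done
    acl_br=$1 acl_port=$2 acl_mac=$3 acl_ip=$4
    shift 4
    case $acl_port in *[!0-9]*) echo "OFPORT must be numeric" >&2; return 2 ;; esac

    # Priorities sit above the ovs-ofctl default (32768) so that an existing
    # catch-all flow cannot shadow them.
    acl_src="in_port=$acl_port,dl_src=$acl_mac"

    # ARP is forwarded only when it carries the VM's own MAC and IP
    # (for ARP, nw_src matches the sender protocol address).
    printf 'ovs-ofctl add-flow %s "priority=40000,%s,arp,nw_src=%s,actions=normal"\n' \
        "$acl_br" "$acl_src" "$acl_ip"

    # IPv4 is forwarded only from the VM's own address to each allowed destination.
    for acl_dst in "$@"; do
        printf 'ovs-ofctl add-flow %s "priority=40000,%s,ip,nw_src=%s,nw_dst=%s,actions=normal"\n' \
            "$acl_br" "$acl_src" "$acl_ip" "$acl_dst"
    done

    # Everything else entering the switch from this VIF is dropped
    # (spoofed MAC/IP, other destinations, IPv6, DHCP).
    printf 'ovs-ofctl add-flow %s "priority=39000,in_port=%s,actions=drop"\n' \
        "$acl_br" "$acl_port"
}

# Constructed sample: VIF on port 5 may reach only its gateway and one DNS server.
vif_acl xenbr0 5 aa:bb:cc:00:00:05 10.0.0.5 10.0.0.1 10.0.0.53
```

Flows installed with ovs-ofctl live only in the running switch, so they have to be reapplied after ovs-vswitchd restarts or when the VIF is re-plugged and receives a different port number.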