[PVE-User] Prevent KVM guest from IP takeover

Alexandre Kouznetsov alk at ondore.com
Mon Sep 10 18:29:16 CEST 2012


Hello.

While having several KVM guests under Proxmox system, any given guest 
machine is supposed to be restricted to use its own assigned IP (and/or 
its own assigned MAC address). The goal is to avoid two things:
1. A misconfigured guest machine takes someone else's IP address and 
creates a conflict. We don't care too much about the misconfigured 
guest itself, but the interference caused to some other machine would hurt.
2. A malicious guest machine user puts a sniffer on its network 
interface and listens to neighbor's traffic. In any case, the traffic 
shall be encrypted, but it's still not nice to have it open for listening.

The common approach is to dedicate a /30 network on a separate VLAN for 
each guest, and configure its virtual network adapter to use a specific 
tag. That works fine, but it's also a great waste of IP addresses.

I believe there is a way to isolate guests one from another even if they 
share the same VLAN and same network bridge. They would be able to talk 
to each other, but not to spoof their configuration on layer 2 or 3 to 
get someone else's traffic. For example, with a set of netfilter rules.

http://pve.proxmox.com/wiki/Network_Model does not mention anything 
about sharing a VLAN between guests while still protecting them from 
spoofing. Is it something supported or planned by Proxmox? Maybe not in 
the exact way I describe it?

Thank you.

-- 
Alexandre Kouznetsov
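As an added example (not from the original post, and not Proxmox's own code), here is one way to express the netfilter approach the question describes: a POSIX sh function that emits the ebtables rules pinning a guest's tap interface on a shared bridge to its assigned MAC and IPv4 address. The tap name, MAC and IP used below are constructed sample values.

```shell
#!/bin/sh
# Added example: per-guest ebtables anti-spoofing rules for a KVM guest whose
# tap interface sits on a shared Linux bridge (the setup in the question).
# The function only prints the commands; pipe its output to sh on the host
# to apply them. All names and addresses here are constructed samples.
set -eu

# Usage: guest_rules <tap-interface> <assigned-mac> <assigned-ipv4>
guest_rules() {
    tap=$1; mac=$2; ip=$3
    hx='[0-9a-fA-F][0-9a-fA-F]'
    # Refuse malformed input rather than emit a rule that matches nothing.
    case $mac in
        $hx:$hx:$hx:$hx:$hx:$hx) ;;
        *) echo "guest_rules: bad MAC '$mac'" >&2; return 1 ;;
    esac
    case $ip in
        *[!0-9.]*|'') echo "guest_rules: bad IPv4 '$ip'" >&2; return 1 ;;
    esac
    chain="VM_$tap"      # one user chain per guest, default policy DROP
    cat <<EOF
ebtables -N $chain -P DROP
ebtables -A $chain -p ARP --arp-mac-src $mac --arp-ip-src $ip -j ACCEPT
ebtables -A $chain -p IPv4 --ip-src $ip -j ACCEPT
ebtables -A FORWARD -i $tap -s ! $mac -j DROP
ebtables -A FORWARD -i $tap -j $chain
ebtables -N ${chain}_OUT -P DROP
ebtables -A ${chain}_OUT -d $mac -j ACCEPT
ebtables -A FORWARD -o $tap -d Unicast -j ${chain}_OUT
EOF
}
# Rule intent, in order: ARP may only claim the assigned MAC/IP pair; IPv4
# may only use the assigned source IP; any frame with a foreign source MAC
# is dropped; everything not explicitly accepted (other ethertypes, other
# IPs) falls to the chain's DROP policy. The _OUT chain drops unicast frames
# the bridge floods to this tap for MACs other than the guest's own, which
# limits what a sniffer in the guest can see (broadcast/multicast still pass).

# Sample invocation with constructed values (prints, does not apply):
guest_rules tap100i0 02:00:00:aa:bb:cc 192.168.10.5
```

Apply on the host with `guest_rules tap100i0 02:00:00:aa:bb:cc 192.168.10.5 | sh` after checking the output; the rules live in the bridge filter table, so they take effect on the frames bridged between the guest taps.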


