- If you are trunking to a VBox VM, use the vnic type AMD PCNet PCI II (Am79C970A). This is not the default vnic type. I have been able to trunk to Linux and FreeBSD guests, including pfSense, using the PCNet II vnic with a trunk from Open vSwitch with no issues. Every other vnic type I tried didn't work for me. I haven't tried the virtio drivers on VBox; they may work as well. I do know the virtio drivers work when trunking to a Linux VM on KVM.
- If you are setting the destination of a mirror in Open vSwitch to a VM vnic on VBox, you will need to set extra data on the vnic to allow promiscuous mode to be enabled.

  ```
  VBoxManage setextradata VM_NAME \
    "VBoxInternal/Devices/pcnet/0/LUN#0/Config/IfPolicyPromisc" "allow-all"
  ```

  Replace pcnet with the appropriate vnic type you are using.
- VBox comes with VBoxTunctl, so you don't need to install tunctl separately to create tap interfaces for use with Open vSwitch.
As a side note, you don't get 64-bit guests or hardware breakpoints while debugging in a guest without VT-x on VirtualBox :-( but at least you get full virtualization with good performance :-).
Not entirely related, but I would love to see enhanced protection such as sVirt-like functionality developed for libvirt/KVM on a system with SELinux or AppArmor available. That would go a long way to help protect the host and other guests if an escape from a guest was achieved.