Allow port isolation on VM NICs

Open brodriguez-opennebula opened this issue 2 months ago • 0 comments

Description Linux bridges have the option isolated that can be set up to on to avoid communication with other isolated ports. This makes sense on virtual networks that only must access a certain number of VMs on the same VNET.

Use case This feature is useful in a network that only needs access outside. In this case, only the virtual router interface would have the isolated=off parameter.

Interface Changes CLI/API:

optional parameter on VNET context ISOLATED that, by default, sets all the NICs on it as isolated
optional parameter on VM NIC ETHX_ISOLATED="YES"

Sunstone:

VM instantiation -> Network -> Radio button called "Isolate NIC"
VNET context -> Radio button "Isolate NICs on this VNET by default"

Additional Context

The isolation of a port can be made on libvirt with

...
<devices>
  <interface type='network'>
    <source network='default'/>
    <port isolated='yes'/>
  </interface>
</devices>
...

It can also be done during the bridge port creation, executing

bridge link set dev DEV isolated { on | off }

Progress Status

[ ] Code committed
[ ] Testing - QA
[ ] Documentation (Release notes - resolved issues, compatibility, known issues)

Nov 19 '25 17:11 brodriguez-opennebula