Bug 1667117

Summary: [Docs][Admin][SHE]NIC profile of VM - no-mac-spoofing setting expanded
Product: Red Hat Enterprise Virtualization Manager Reporter: Avital Pinnick <apinnick>
Component: DocumentationAssignee: Eli Marcus <emarcus>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 4.3.0CC: ctomasko, dholler, emarcus, eraviv, lsurette, mperina, srevivo, stirabos
Target Milestone: ---Keywords: Documentation, Task
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: docscope 4.5 TBD
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-08-14 01:52:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Network RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Avital Pinnick 2019-01-17 13:59:58 UTC 
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/html-single/administration_guide/#Explanation_of_Settings_in_the_VM_Interface_Profile_Window

6.2.3. Explanation of Settings in the VM Interface Profile Window
Table 6.5. VM Interface Profile Window

"Network Filter"

Current text: "A drop-down list of the available network filters to apply to the vNIC profile. Network filters improve network security by filtering the type of packets that can be sent to and from virtual machines. The default filter is vdsm-no-mac-spoofing, which is a combination of no-mac-spoofing and no-arp-mac-spoofing. For more information on the network filters provided by libvirt, see the Pre-existing network filters section of the Red Hat Enterprise Linux Virtualization Deployment and Administration Guide."

To be added to Admin guide: NIC profile filter must be set to "no-filter" (in other words, no-mac-spoofing must be disabled) if nested virtualization is used. Otherwise, packets cannot be sent to/from the nested VM (or RHVM, if installed as hosted engine). Link to this section and explanation should be added to the SHE guide.

This is relevant for, but not restricted to, SHE installation. 
Confirmed by Simone Tiraboschi.
Comment 1 Simone Tiraboschi 2019-03-27 13:00:07 UTC 
(In reply to Avital Pinnick from comment #0)
> This is relevant for, but not restricted to, SHE installation. 
> Confirmed by Simone Tiraboschi.

> This is relevant for, but not restricted to, SHE installation *on nested environments*
Comment 2 Dominik Holler 2019-03-27 13:07:33 UTC 
Maybe a reference in "Table 7.7. Kernel Settings" "Nested Virtualization" a link to this information might be helpful.
Comment 3 Dominik Holler 2019-03-27 13:12:45 UTC 
SHE guide: In case you are testing SHE with a virtual host, make sure that you virtual hosts allows mac spoofing. + Reference to "VM Interface Profile Window" "Network Filter"
Comment 6 Avital Pinnick 2022-08-07 10:13:16 UTC 
Dominik, is this bug still relevant?

Admin guide now mentions the "<no network filter>" option: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/administration_guide/index#Explanation_of_Settings_in_the_VM_Interface_Profile_Window

Installation guide does not mention network filters, so this might mean that it is obsolete: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/installing_red_hat_virtualization_as_a_standalone_manager_with_local_databases/index#doc-wrapper
Comment 7 Martin Perina 2022-08-08 05:43:24 UTC 
(In reply to Avital Pinnick from comment #6)
> Dominik, is this bug still relevant?
> 
> Admin guide now mentions the "<no network filter>" option:
> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/
> html-single/administration_guide/
> index#Explanation_of_Settings_in_the_VM_Interface_Profile_Window
> 
> Installation guide does not mention network filters, so this might mean that
> it is obsolete:
> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/
> html-single/
> installing_red_hat_virtualization_as_a_standalone_manager_with_local_database
> s/index#doc-wrapper

Eitan, could you please take a look?
Comment 8 eraviv 2022-08-08 07:04:08 UTC 
yes this is still relevant
Comment 9 ctomasko 2023-08-14 01:52:49 UTC 
RHV is end of life. This issue is deferred. If you feel strongly that documentation is required, then please re-open this issue.