Section Number and Name:
Limiting Pod Access with an Egress Router - > Important Deployment Considerations -> VMWare
Describe the issue:
The doc says:
"If you are using VMware vSphere, follow VMware’s Securing Virtual Switch Ports and Forged Transmissions guidance."
But it is not clear what need to be done.
Suggestions for improvement:
Clear statement on what needs to be enabled on VMWare side, where and why.
Looks like also promiscuous mode needs to be enabled:
Egress router (MacVLAN) does not work on VMWare - https://access.redhat.com/solutions/3003011
Bug 1437568 - Egress routing doesn't work Vmware platform if promiscuous mode setting is not enabled in dvswitch
You also need to enable promiscuous mode if you are using ipfailover.
PR submitted for this BZ:
However, I'm not sure if there's enough information. It's one thing to list what's needed, but I can't find how to do it.
Javier, is there any more information? The solution in the initial comment doesn't seem too answer any questions, and what's in the PR is all I could find. Thanks.
(In reply to brice from comment #2)
> PR submitted for this BZ:
> However, I'm not sure if there's enough information. It's one thing to list
> what's needed, but I can't find how to do it.
> Javier, is there any more information? The solution in the initial comment
> doesn't seem too answer any questions, and what's in the PR is all I could
> find. Thanks.
Thanks , I think it is enough.
Thanks, Javier. I'll put this on to QA.
Can I ask if more information is needed to enable MAC Address Changes, Forged Transits, and Promiscuous Mode Operation? Thanks.
We did not test the egress router on VMWare since the platform has not been fully supported yet, and only some storage related features were tested there.
As the egress router is relying on the macvlan, so I think it will work if all the configurations which the macvlan requires are set.
Ok. Thanks. I'll move to completed.
Commit pushed to master at https://github.com/openshift/openshift-docs
Merge pull request #5317 from bfallonf/vmware_1490806
Bug 1490806 Changed vmware vsphere info to be more accurate
Link to released docs: