Consider a host machine running multiple virtual machines. The hypervisor is most likely KVM with libvirt. The host machine should be connected to some firewall or switch for filtering/analyzing traffic. Is there some way to set up the host or VMs so that I can see which traffic comes from which VM?

The MAC address is not an option since it is going to be stripped on the host. I could use a per-VM NIC, but this would require extra hardware. Any other ideas? Maybe some kind of tagging which does not get stripped by the host and does not interfere with networking?

  • Why not use the IP address? – Michael Hampton Oct 06 '19 at 20:12
  • Why do you think the MAC address is stripped? Does the host use bridging (in which case the MAC address will NOT be stripped) or routing (it will be stripped)? – Nikita Kipriyanov Oct 07 '19 at 06:13
  • @MichaelHampton I usually use NAT for networking, so the firewall would just see the IP of the host, which acts as the router. But when using one bridge with a specific IP address per VM it might work. @NikitaKipriyanov Yes, with bridging it could work. Going to give it a try. – cloudtest Oct 07 '19 at 11:28
  • Obviously you should avoid NAT whenever possible. If your host is not directly connected to the Internet, with a global IPv4 address, you don't need NAT. – Michael Hampton Oct 07 '19 at 11:49

1 Answer

Not sure if this is what you want to achieve, but you can install/enable an SNMP client on the VMs and hosts, and install a Cacti (or other) monitoring server. Configure Cacti to monitor each NIC of the VMs and the NIC of the host where the VMs are connected. Monitor the network utilization of the host and compare it to the VMs' network utilization.

101100t
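
The comments on the question turn on whether each VM is bridged (its MAC address reaches the upstream firewall or switch) or sits behind the host's NAT (it does not). As an added example, not part of the original thread, this Python code reads libvirt domain and network XML and reports, per virtual NIC, whether its MAC is visible upstream; the embedded XML, VM names, MAC addresses and bridge names are constructed samples in the shape of `virsh dumpxml` and `virsh net-dumpxml` output.

```python
import xml.etree.ElementTree as ET

# Constructed samples (shape of `virsh dumpxml <vm>`); all names/MACs are made up.
SAMPLE_DOMAINS = [
    """<domain type='kvm'><name>web01</name><devices><interface type='bridge'>
         <mac address='52:54:00:aa:00:01'/><source bridge='br0'/>
       </interface></devices></domain>""",
    """<domain type='kvm'><name>db01</name><devices><interface type='network'>
         <mac address='52:54:00:AA:00:02'/><source network='default'/>
       </interface></devices></domain>""",
]
# Constructed sample (shape of `virsh net-dumpxml <net>`).
SAMPLE_NETWORKS = ["<network><name>default</name><forward mode='nat'/></network>"]

def forward_modes(network_xmls):
    """Map libvirt network name -> forward mode; no <forward> means isolated."""
    modes = {}
    for xml in network_xmls:
        net = ET.fromstring(xml)
        fwd = net.find("forward")
        # libvirt treats <forward/> without a mode attribute as NAT.
        modes[net.findtext("name")] = fwd.get("mode", "nat") if fwd is not None else "isolated"
    return modes

def attribution_table(domain_xmls, network_xmls):
    """One row per vNIC: (vm, mac, attachment, mac_visible_upstream)."""
    modes = forward_modes(network_xmls)
    rows = []
    for xml in domain_xmls:
        dom = ET.fromstring(xml)
        for nic in dom.findall("./devices/interface"):
            mac = nic.find("mac").get("address").lower()
            src = nic.find("source")
            if nic.get("type") == "bridge":
                attach, visible = "bridge:" + src.get("bridge"), True
            elif nic.get("type") == "network":
                mode = modes.get(src.get("network"), "unknown")
                attach = "network:%s(%s)" % (src.get("network"), mode)
                visible = mode == "bridge"  # only bridged networks forward at layer 2
            else:
                attach, visible = nic.get("type"), None  # not classified here
            rows.append((dom.findtext("name"), mac, attach, visible))
    return rows

if __name__ == "__main__":
    for row in attribution_table(SAMPLE_DOMAINS, SAMPLE_NETWORKS):
        print("%-6s %s %-22s mac_visible_upstream=%s" % row)
```

Rows marked visible give a MAC-to-VM table that can be matched against firewall or switch logs; rows on a NAT network would need to be moved to a bridge before per-VM attribution is possible upstream.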