Oracle Solaris data link protection prevents the potential damage that can be caused by malicious guest VMs to the network.
Enabling the snoop proofing configuration improves network performance by isolating the virtual environment's network traffic from the wider traffic that is received or sent by the host system. The feature offers protection from these basic threats:
IP and MAC spoofing
L2 frame spoofing such as Bridge Protocol Data Unit (BPDU) attacks
# dladm set-linkprop -p protection=mac-nospoof,restricted,ip-nospoof,dhcp-nospoof netx
Where netx corresponds to each physical link connected to the 10Gb client network.
# dladm show-linkprop -p protection netx
LINK  PROPERTY    PERM VALUE         EFFECTIVE     DEFAULT POSSIBLE
net0  protection  rw   mac-nospoof   mac-nospoof   --      mac-nospoof,
                       restricted    restricted    --      restricted,
                       ip-nospoof    ip-nospoof    --      ip-nospoof,
                       dhcp-nospoof  dhcp-nospoof  --      dhcp-nospoof
Where netx corresponds to each physical link connected to the 10Gb client network.
# dladm set-linkprop -p allowed-ips=10.0.0.1,10.0.0.2 netx
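The verification step above can be scripted so that a link with a missing protection mode is flagged instead of relying on reading the table by eye. The following is an added example, not part of the original page or Oracle's tooling: the function name `missing_protection` and both sample outputs are constructed for illustration, and the layout of a partially protected link is an assumption based on the output format shown above.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit dladm show-linkprop output.
# Modes the set-linkprop step above is expected to make effective.
REQUIRED="mac-nospoof restricted ip-nospoof dhcp-nospoof"

# Read `dladm show-linkprop -p protection <link>` output on stdin and print
# the required modes absent from the EFFECTIVE column (empty = compliant).
missing_protection() {
    awk -v req="$REQUIRED" '
        $1 == "LINK" { next }                               # header row
        NF == 7 && $2 == "protection" { eff[$5] = 1; next } # first data row
        NF == 4 { eff[$2] = 1 }                             # continuation row
        END {
            n = split(req, r, " "); out = ""
            for (i = 1; i <= n; i++)
                if (!(r[i] in eff)) out = out (out == "" ? "" : " ") r[i]
            print out
        }'
}

# Constructed sample: all four modes effective (layout as shown on this page).
sample_compliant() {
cat <<'EOF'
LINK  PROPERTY    PERM VALUE         EFFECTIVE     DEFAULT POSSIBLE
net0  protection  rw   mac-nospoof   mac-nospoof   --      mac-nospoof,
                       restricted    restricted    --      restricted,
                       ip-nospoof    ip-nospoof    --      ip-nospoof,
                       dhcp-nospoof  dhcp-nospoof  --      dhcp-nospoof
EOF
}

# Constructed sample (assumed layout): only two modes were applied.
sample_partial() {
cat <<'EOF'
LINK  PROPERTY    PERM VALUE         EFFECTIVE     DEFAULT POSSIBLE
net1  protection  rw   mac-nospoof   mac-nospoof   --      mac-nospoof,
                       restricted    restricted    --      restricted,
                                                           ip-nospoof,
                                                           dhcp-nospoof
EOF
}

# On a Solaris host:  dladm show-linkprop -p protection net0 | missing_protection
```

The check reads the EFFECTIVE column rather than VALUE, so a mode that was set but did not take effect is still reported as missing.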