VMware NSX provides a (heavily underestimated) SpoofGuard functionality, which prevents virtual machines to use IP addresses that are not approved by the network engineers. It guards for, guess what, IP spoofs. Virtual machines will not be able to change their IP addresses without administrative approval, which prevents issues with unauthorized changes or duplicate IPs.
SpoofGuard in NSX
SpoofGuard can operate in 3 modes:
– Approve everything (the default);
– Automatically approve first detected IP, manual approve changes;
– Manually approve all first detected IPs and changes.
While having control of the IP address changes in the virtual network is pretty … Read more