CDX-301f · Module 3

Network Isolation Enforcement

3 min read

Network isolation enforcement goes beyond the allowlist to ensure microVMs cannot communicate with each other, cannot reach the host network, and cannot bypass the proxy. Each microVM has its own network namespace with a single TAP interface connected to the host. The host-side iptables rules enforce three invariants: no VM-to-VM traffic (even if two VMs belong to the same user), no VM-to-host traffic (the VM cannot access host services), and all egress goes through the proxy (no direct internet access).

Isolation enforcement is verified through automated tests that run continuously in the production environment. A canary microVM periodically attempts to reach other VMs, the host network, and non-allowlisted internet endpoints. Any successful connection triggers an alert and a policy review. This defense-in-depth approach ensures that isolation is not just configured but actively verified — a misconfigured iptables rule or a proxy bypass is detected within minutes, not discovered after an incident.

# Isolation invariants

1. No VM-to-VM traffic
   - Each VM gets a unique subnet (/30)
   - No routing between VM subnets
   - ARP isolation via proxy ARP on host

2. No VM-to-host traffic
   - Host services bound to loopback only
   - iptables DROP for VM→host on all ports
   - Exception: host proxy port (for egress)

3. All egress through proxy
   - Default route → host gateway address (where the proxy listens); no other routes in the guest
   - iptables REDIRECT for port 80/443 → proxy (transparent, so the guest needs no proxy setting and cannot unset one)
   - Non-HTTP protocols → Layer 4 proxy with allowlist
   - Everything else → DROP (no FORWARD path from a TAP to the internet)
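The host-side ruleset for one VM that enforces the three invariants above, written here as an added example rather than the course's own configuration. Everything concrete in it is an assumption the page does not fix: VM number i gets 10.200.i.0/30 on interface tap<i> with the host at .1 and the guest at .2, the HTTP proxy listens on host port 3128, the Layer 4 proxy on 3129, and DNS is answered by a filtering resolver on the host at port 53. The function returns the rules as argv lists so they can be inspected or applied.

```python
"""Per-VM host iptables rules for the three isolation invariants (added example).

Assumed layout (not from the course page): VM i -> 10.200.i.0/30 on tap<i>,
host gateway .1, guest .2; HTTP proxy on 3128, L4 proxy on 3129, filtering
resolver on 53, all on the host.
"""
import ipaddress
import subprocess

PROXY_PORT = 3128      # HTTP/HTTPS allowlist proxy on the host (assumed)
L4_PROXY_PORT = 3129   # Layer 4 proxy for non-HTTP TCP (assumed)
DNS_PORT = 53          # host-side filtering resolver (assumed)


def vm_addresses(index):
    """Return (tap, host_ip, vm_ip, subnet) for VM number `index`."""
    if not 0 <= index <= 255:
        raise ValueError("index must fit in the third octet")
    net = ipaddress.ip_network(f"10.200.{index}.0/30")
    host_ip, vm_ip = (str(a) for a in net.hosts())   # .1 and .2 of the /30
    return f"tap{index}", host_ip, vm_ip, str(net)


def vm_rules(index):
    """Build the ordered iptables commands for one VM (order matters)."""
    tap, host_ip, vm_ip, _ = vm_addresses(index)
    rules = []

    def rule(*args):
        rules.append(["iptables", *args])

    # Anti-spoofing: a packet on this TAP must carry the guest's own address,
    # otherwise a guest could pose as a sibling VM or as the gateway.
    rule("-A", "INPUT",   "-i", tap, "!", "-s", vm_ip, "-j", "DROP")
    rule("-A", "FORWARD", "-i", tap, "!", "-s", vm_ip, "-j", "DROP")

    # Invariant 3: transparent redirect. REDIRECT rewrites the destination to
    # the host's address on the ingress interface (host_ip), so the packet is
    # then handled by INPUT, never FORWARD. Traffic already aimed at the
    # gateway (proxy ports, DNS) is excluded so it is not re-targeted.
    rule("-t", "nat", "-A", "PREROUTING", "-i", tap, "!", "-d", host_ip,
         "-p", "tcp", "-m", "multiport", "--dports", "80,443",
         "-j", "REDIRECT", "--to-ports", str(PROXY_PORT))
    rule("-t", "nat", "-A", "PREROUTING", "-i", tap, "!", "-d", host_ip,
         "-p", "tcp", "-j", "REDIRECT", "--to-ports", str(L4_PROXY_PORT))

    # Invariant 2: the only host services reachable are the proxies and the
    # resolver, only on the gateway address; everything else to the host drops.
    for proto, port in (("tcp", PROXY_PORT), ("tcp", L4_PROXY_PORT),
                        ("udp", DNS_PORT), ("tcp", DNS_PORT)):
        rule("-A", "INPUT", "-i", tap, "-s", vm_ip, "-d", host_ip,
             "-p", proto, "--dport", str(port), "-j", "ACCEPT")
    rule("-A", "INPUT", "-i", tap, "-j", "DROP")

    # Invariant 1: nothing is forwarded between TAPs, same user or not. The
    # catch-all below already covers this; the explicit rule keeps a separate
    # packet counter for VM-to-VM attempts.
    rule("-A", "FORWARD", "-i", tap, "-o", "tap+", "-j", "DROP")
    # Invariant 3, second half: no forwarding out of the VM at all, so there
    # is no path to the internet that bypasses the proxy.
    rule("-A", "FORWARD", "-i", tap, "-j", "DROP")
    return rules


def apply_rules(index, dry_run=True):
    """Print (dry run) or apply the rules; applying needs root and iptables."""
    rules = vm_rules(index)
    for argv in rules:
        if dry_run:
            print(" ".join(argv))
        else:
            subprocess.run(argv, check=True)
    return len(rules)


if __name__ == "__main__":
    apply_rules(7)
```

Return traffic from the proxies and resolver originates on the host and leaves via OUTPUT, so no FORWARD rule is needed for it; the TAP never sees a forwarded packet in either direction.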

# Canary verification

Frequency: every 5 minutes
Tests:
  - Attempt TCP connection to another VM's IP
  - Attempt TCP connection to host management port
  - Attempt DNS resolution for non-allowlisted domain
  - Attempt direct internet access (bypass proxy)
Expected: every probe is blocked (connection refused or timed out, name not resolved)
Alert: any probe succeeds → P1 incident

1. Verify VM-to-VM isolation: spin up two microVMs and attempt to ping between them, then attempt a TCP connection as the canary does. Both must fail. If either succeeds, your subnet isolation or iptables rules have a gap.
2. Test host access blocking: from inside a microVM, attempt to connect to host ports (SSH, Docker API, management interfaces). All connections must be refused or dropped.
3. Validate proxy enforcement: attempt a direct HTTPS connection (bypassing the proxy) from inside a microVM. It must fail; all egress must route through the proxy.
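The canary's probe logic, covering both the scheduled canary above and the three manual checks, as an added example and not the course's own tooling. The target addresses are constructed placeholders: a sibling VM on the next /30, the gateway's SSH port standing in for a host management port, a documentation-range address reached without the proxy, and a made-up domain that is not on the allowlist. The connect and resolve functions are injectable so the verdict logic can be exercised without a network; with the defaults it uses real sockets.

```python
"""Isolation canary for a microVM (added example, not the course's tooling).

Every probe is expected to be BLOCKED. A probe that gets through is a
finding and the script exits non-zero so the scheduler can page.
"""
import socket

# Constructed targets for illustration only.
OTHER_VM_IP = "10.200.8.2"         # sibling VM on the next /30 (assumed layout)
HOST_MGMT = ("10.200.7.1", 22)     # gateway address, SSH as a management port
OUTSIDE = ("203.0.113.10", 443)    # documentation-range address, direct, no proxy
BAD_DOMAIN = "not-on-the-allowlist.example"
TIMEOUT_S = 3.0
SINKHOLE = {"0.0.0.0", "::", "127.0.0.1"}   # answers a filtering resolver may return


def tcp_probe(host, port, timeout=TIMEOUT_S):
    """True if a TCP connection was established, i.e. isolation failed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:   # refused, timed out, no route: all count as blocked
        return False


def dns_probe(name, resolver=socket.getaddrinfo):
    """True if the name resolved to a real address, i.e. DNS is not filtered.

    A resolver that sinkholes to 0.0.0.0 instead of refusing is still blocking,
    so those answers count as blocked rather than as a finding.
    """
    try:
        results = resolver(name, 443)
    except socket.gaierror:
        return False
    addrs = {r[4][0] for r in results}
    return not addrs <= SINKHOLE


# (name, probe) pairs; each probe receives the connect and resolve callables.
PROBES = [
    ("vm_to_vm",      lambda c, r: c(OTHER_VM_IP, 22)),
    ("vm_to_host",    lambda c, r: c(*HOST_MGMT)),
    ("dns_unlisted",  lambda c, r: r(BAD_DOMAIN)),
    ("direct_egress", lambda c, r: c(*OUTSIDE)),
]


def run_canary(connect=tcp_probe, resolve=dns_probe):
    """Run all probes and return (verdict, findings).

    verdict is "OK" when every probe was blocked and "P1" when any got
    through; findings lists the names of the probes that succeeded.
    """
    findings = [name for name, probe in PROBES if probe(connect, resolve)]
    return ("P1" if findings else "OK"), findings


if __name__ == "__main__":
    verdict, findings = run_canary()
    print(verdict, findings)
    raise SystemExit(1 if findings else 0)
```

Note the inversion that the spec's wording hides: the canary reports success when its own connections fail. Keeping the probe list small and the verdict a plain exit code makes it safe to run from a timer every five minutes and to wire straight into paging.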