I had to figure it out on my own with a lot of testing, and I'm sure there are other ways to do things. But I found bridges to be the best way to go for attaching to the lan or wan, and virtual nets are great for guest-to-guest, or guest-to-server communication.
A bridge lets several guests share one nic, but they can also be used to assign one guest to one nic. There is no magic involved, however - if you have too many guests sharing one network card, you're going to develop a bottleneck.
Virtual networks travel across the server's internal buses, so you aren't sending traffic out to the network switch, which lowers traffic on your lan. And it's pretty fast. Of course, you can connect a virtual lan to the outside world by using the server's real nic as a gateway, but you'll still develop a bottleneck with too many guests.
I think it's best to stick as many real nics into a server as you can and bridge them for the guests, but use one solely for the server's use (for updates, VNC management, ect.)
-----Original Message----- From: centos-virt-bounces@centos.org [mailto:centos-virt-bounces@centos.org] On Behalf Of James B. Byrne Sent: Wednesday, May 26, 2010 2:37 PM To: centos-virt@centos.org Subject: [CentOS-virt] How to connect a guest to a fixed routable address?
I am experimenting with kvm on a quad x86_64 running CentOS-5.5. I have created my first virtual guest and it seems to run fine. Now I wish to assign that particular guest to a fixed, public IP address. There seems to be at least two ways to proceed and I am soliciting comments on the preferred approach.
In the first instance I can use brctl to create a bridged 'shared physical device' and presumably add that device to the network configuration of the guest, assigning the IP connection details there.
In the second, I can continue to use the virtual networking system, albeit with fixed private as opposed to DHCP assigned addresses. In this case I gather that I must use ifconfig to add public IP addresses to the eth0 interface of the host and use iptables to route the public to the private address.
Firstly, are my inferences correct? Are there any other approaches that I cannot discern? If these are the only two methods then which is the preferred one? I get the sense that bridging works in a manner that permits only one guest to access that physical device, however the documentation is not explicit on the matter.
I have looked extensively for guidance but I suspect that a great deal of what I have read is somewhat dated and likely to cause me more trouble than help.