Hi all,
Reading docs about using bridges in a KVM environment, I have a doubt about activating STP or not in a KVM host.
What advantages and disadvantages does it have? If I want to install some KVM guests that use multicast addresses for certain services, is it recommended to enable STP?
Thanks.
On 09/16/2015 03:02 PM, C.L. Martinez wrote:
STP has nothing to do with multicast as it's an Ethernet protocol. It's developed to provide loop-free redundancy links to Ethernet-based networks.
I can't imagine any legitimate use of STP within a virtualized environment except when BOTH a) you don't trust the person who manages the VMs (like in VPS providing) AND b) you provide more than one network interface to the virtual machine.
Otherwise STP can be used to prevent a traffic storm because of malicious bridging of vNICs inside a VM.
Best regards, Dmitry Mikhailov
On 09/16/2015 03:27 PM, Dennis Jacobfeuerborn wrote:
You should always enable STP on a bridge unless you have a very specific reason not to.
It's a question in the area of network administration.
STP is slow by today's standards - 50 seconds to wait until it rearranges the topology is too much. And RSTP isn't supported without a special daemon.
Next, if you want some physical link level redundancy you'd better go LACP - anyway almost every managed switch that has STP also has LACP today. And you can also get speed improvement.
Next, I doubt anyone would create two vNICs on a VM that connect to the same physical network. I see no point. The chances are they're going to be VLANs on a physical network. So you need VSTP. Does your switch do VSTP and are you up to configure it?
Thus personally I don't see a point in carelessly enabling STP on a hardware node.
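
The 50-second figure in the thread matches the classic 802.1D worst case with default timers: max age of 20 s plus two forward-delay periods of 15 s. As an added example that is not part of the original thread, the shell functions below read each Linux bridge's STP mode and timers from sysfs and compute that worst case for bridges running kernel STP. The function names are invented here, and the sysfs timer values are taken to be in hundredths of a second.

```shell
#!/bin/sh
# Added example: report STP mode and worst-case reconvergence per Linux bridge.
# Assumption: timers under <dev>/bridge/ are in centiseconds (1/100 s).

# stp_mode VALUE -> name for the value read from bridge/stp_state
stp_mode() {
    case "$1" in
        0) echo off ;;
        1) echo kernel-stp ;;   # in-kernel classic STP
        2) echo user-stp ;;     # handed to a userspace daemon (e.g. for RSTP)
        *) echo unknown ;;
    esac
}

# convergence_secs FORWARD_DELAY_CS MAX_AGE_CS
# Classic 802.1D worst case: max_age expiry, then listening + learning.
convergence_secs() {
    echo $(( ($2 + 2 * $1) / 100 ))
}

# bridge_stp_report [SYSROOT]
# Prints one line per bridge: name, STP mode, port count, worst case.
bridge_stp_report() {
    root="${1:-/sys/class/net}"
    for dir in "$root"/*/bridge; do
        [ -d "$dir" ] || continue
        dev=$(dirname "$dir")
        name=$(basename "$dev")
        state=$(cat "$dir/stp_state")
        fd=$(cat "$dir/forward_delay")
        ma=$(cat "$dir/max_age")
        ports=0
        for p in "$dev"/brif/*; do
            if [ -e "$p" ]; then ports=$((ports + 1)); fi
        done
        # The timer arithmetic only describes kernel STP; other modes get n/a.
        case "$state" in
            1) worst="$(convergence_secs "$fd" "$ma")s" ;;
            *) worst="n/a" ;;
        esac
        echo "$name stp=$(stp_mode "$state") ports=$ports worst_case=$worst"
    done
}
```

Calling `bridge_stp_report` with no argument on a KVM host reads `/sys/class/net`; passing a directory lets it run against a copied or constructed tree.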