Hi all,
Reading docs about using bridges in a KVM environment, I have a doubt about activating STP or not in a KVM host.
What advantages and disadvantages does it have? If I want to install some KVM guests that use multicast addresses for certain services, is it recommended to enable STP?
Thanks.
On 09/16/2015 03:02 PM, C.L. Martinez wrote:
> What advantages and disadvantages does it have? If I want to install some KVM guests that use multicast addresses for certain services, is it recommended to enable STP?

STP has nothing to do with multicast, as it's an Ethernet protocol. It was developed to provide loop-free redundant links in Ethernet-based networks.
I can't imagine any legitimate use of STP within a virtualized environment except when BOTH a) you don't trust the person who manages the VMs (like in VPS providing) AND b) you provide more than one network interface to the virtual machine.
Otherwise STP can be used to prevent a traffic storm because of malicious bridging of vNICs inside a VM.
Best regards, Dmitry Mikhailov
On 09/16/2015 10:15 AM, Dmitry E. Mikhailov wrote:
> On 09/16/2015 03:02 PM, C.L. Martinez wrote:
>> What advantages and disadvantages does it have? If I want to install some KVM guests that use multicast addresses for certain services, is it recommended to enable STP?
> STP has nothing to do with multicast, as it's an Ethernet protocol. It was developed to provide loop-free redundant links in Ethernet-based networks.
> I can't imagine any legitimate use of STP within a virtualized environment except when BOTH a) you don't trust the person who manages the VMs (like in VPS providing) AND b) you provide more than one network interface to the virtual machine.
> Otherwise STP can be used to prevent a traffic storm because of malicious bridging of vNICs inside a VM.
> Best regards, Dmitry Mikhailov

Thanks Dmitry... Uhmm, but my case is: "b) you provide more than one network interface to the virtual machine". I have several KVM guests with 3 or more network interfaces... In this case, do you recommend enabling STP?
On 16.09.2015 12:18, C.L. Martinez wrote:
> On 09/16/2015 10:15 AM, Dmitry E. Mikhailov wrote:
>> On 09/16/2015 03:02 PM, C.L. Martinez wrote:
>>> What advantages and disadvantages does it have? If I want to install some KVM guests that use multicast addresses for certain services, is it recommended to enable STP?
>> STP has nothing to do with multicast, as it's an Ethernet protocol. It was developed to provide loop-free redundant links in Ethernet-based networks.
>> I can't imagine any legitimate use of STP within a virtualized environment except when BOTH a) you don't trust the person who manages the VMs (like in VPS providing) AND b) you provide more than one network interface to the virtual machine.
>> Otherwise STP can be used to prevent a traffic storm because of malicious bridging of vNICs inside a VM.
>> Best regards, Dmitry Mikhailov
> Thanks Dmitry... Uhmm, but my case is: "b) you provide more than one network interface to the virtual machine". I have several KVM guests with 3 or more network interfaces... In this case, do you recommend enabling STP?

You should always enable STP on a bridge unless you have a very specific reason not to.
Regards, Dennis
On 09/16/2015 03:27 PM, Dennis Jacobfeuerborn wrote:
> You should always enable STP on a bridge unless you have a very specific reason not to.

It's a question in the area of network administration.
STP is slow by today's standards - 50 seconds to wait until it rearranges the topology is too much. And RSTP isn't supported without a special daemon.
Next, if you want some physical link level redundancy you'd better go LACP - anyway almost every managed switch that has STP also has LACP today. And you can also get a speed improvement.
Next, I doubt anyone would create two vNICs on a VM that connect to the same physical network. I see no point. The chances are they're going to be VLANs on a physical network. So you need VSTP. Does your switch do VSTP and are you up to configuring it?
Thus personally I don't see a point in carelessly enabling STP on a hardware node.
On 09/16/2015 03:18 PM, C.L. Martinez wrote:
> Thanks Dmitry... Uhmm, but my case is: "b) you provide more than one network interface to the virtual machine". I have several KVM guests with 3 or more network interfaces... In this case, do you recommend enabling STP?

If you are the one who manages the VMs and you're not masochistic enough to intentionally bridge vNICs inside some VM, you don't need it.
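
The bridge settings debated in this thread can be read back from the host's sysfs. The script below is an added example, not part of any poster's message: `stp_audit` is a hypothetical helper name that reports, per Linux bridge, the STP mode, how many ports STP is currently blocking, and the classic-STP worst-case reconvergence time derived from the bridge's own timers. With the kernel defaults (max_age 20 s, forward_delay 15 s) that works out to the 50 seconds mentioned above.

```shell
#!/bin/sh
# Added example: audit STP settings of Linux bridges through sysfs.
# stp_audit is a hypothetical helper name. Usage on a host: stp_audit
# Pass a directory to run it against a constructed tree instead of /sys/class/net.
stp_audit() {
    net=${1:-/sys/class/net}
    for dir in "$net"/*/bridge; do
        [ -d "$dir" ] || continue          # no bridges: the glob stays literal
        br=${dir%/bridge}
        br=${br##*/}
        case $(cat "$dir/stp_state") in
            0) mode=off ;;
            1) mode=kernel ;;              # in-kernel classic STP
            2) mode=user ;;                # handed to a userspace daemon
            *) mode=unknown ;;
        esac
        conv=n/a
        if [ "$mode" = kernel ]; then
            # Timers are in centiseconds. After losing the root path a port
            # waits max_age, then spends forward_delay in listening and again
            # in learning before it forwards.
            fd=$(cat "$dir/forward_delay")
            ma=$(cat "$dir/max_age")
            conv="$(( ($ma + 2 * $fd) / 100 ))s"
        fi
        ports=0
        blocking=0
        for p in "$net/$br"/brif/*; do
            [ -e "$p/state" ] || continue
            ports=$((ports + 1))
            # Port state 4 is "blocking": STP has cut a redundant path here.
            if [ "$(cat "$p/state")" = 4 ]; then
                blocking=$((blocking + 1))
            fi
        done
        echo "$br stp=$mode ports=$ports blocking=$blocking reconverge=$conv"
    done
}
```

A bridge that shows `stp=off` with guest-facing ports has no protection against a guest bridging two of its vNICs together; a non-zero `blocking` count on a bridge with STP enabled means a redundant path is present and is being held down.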