[CentOS-virt] Why are bridges required?
kraduk at gmail.com
Tue Jun 3 07:45:14 UTC 2014
If you are to virtualize the network stack properly you need to do it all
the way down to layer2. How do you connect multiple layer 2 devices
together? Well a bridge, a switch being many bridges all in the one box.
Hubs are not relevant here as there is no physical medium. As the llya said
it totally possible to have a 1:1 relationship between the vms and host, ie
a dedicated bridge per vm, with its own ip network on (/30 for ipv4, or /64
for ipv6). The host machine then does all the routing and/or natting for
On 3 June 2014 04:06, Ilya Ponetayev <instenet at gmail.com> wrote:
> You may create as many bridges as you want to have virtual interfaces,
> each bridge consisting only of connection to single VM, and handle traffic
> between bridges and between physical interfaces of host through
> IHMO bridging is the most proper and popular technique because it provides
> the most flexible configuration. Your VM sees NIC as Ethernet card (so with
> all L2 features), so either you can terminate this L2 pipe with bridge in
> host, and perform L3/higher level handling, or you can use for example DHCP
> server on host binded to your bridge, or VLAN-handling config.
> On 03.06.2014 06:25, lee wrote:
>> all the descriptions of networking setups with VMs I`m seeing involve
>> bridges. The only use I see for bridges is when I actually want to be
>> able to send network traffic to multiple arbitrary interfaces connected
>> to the bridge. I do neither need, nor want bridges when I want to keep
>> the VMs separated, like when separating a VM in a DMZ from a VM in the
>> The bridge acts like a hub. Looking at  makes it seem that this is
>> undesirable --- otherwise there wouldn`t be need for a software switch
>> to prevent network traffic on a bridge from going to all of the
>> connected interfaces.
>> When there`s a bridge with multiple VMs connected to it, is a software
>> switch desirable to prevent network traffic on the bridge from going to
>> interfaces it doesn`t need to go to? If so, isn`t it better not to use
>> a bridge to begin with?
>> Can`t we simply have virtual interfaces on the physical host which are
>> the "other end" of the interfaces showing up in the VMs, without
>>  seems to suggest to leave all bridges "dangling", i. e. it says
>> you`re not supposed to connect an interface to the bridge. What`s the
>> point of a bridge when only a single interface is connected to it?
>> : http://wiki.libvirt.org/page/Networking
> Sincerely yours, Ilya Ponetayev <instenet at gmail.com>
> CentOS-virt mailing list
> CentOS-virt at centos.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the CentOS-virt