Hi, all the descriptions of networking setups with VMs I`m seeing involve bridges. The only use I see for bridges is when I actually want to be able to send network traffic to multiple arbitrary interfaces connected to the bridge. I do neither need, nor want bridges when I want to keep the VMs separated, like when separating a VM in a DMZ from a VM in the LAN. The bridge acts like a hub. Looking at  makes it seem that this is undesirable --- otherwise there wouldn`t be need for a software switch to prevent network traffic on a bridge from going to all of the connected interfaces. When there`s a bridge with multiple VMs connected to it, is a software switch desirable to prevent network traffic on the bridge from going to interfaces it doesn`t need to go to? If so, isn`t it better not to use a bridge to begin with? Can`t we simply have virtual interfaces on the physical host which are the "other end" of the interfaces showing up in the VMs, without bridges?  seems to suggest to leave all bridges "dangling", i. e. it says you`re not supposed to connect an interface to the bridge. What`s the point of a bridge when only a single interface is connected to it? : http://openvswitch.org/support/config-cookbooks/vlan-configuration-cookbook/ : http://wiki.libvirt.org/page/Networking -- Knowledge is volatile and fluid. Software is power.