[CentOS-virt] Why are bridges required?

Tue Jun 3 02:25:24 UTC 2014
lee <lee at yun.yagibdah.de>

Hi,

all the descriptions of networking setups with VMs I'm seeing involve
bridges.  The only use I see for bridges is when I actually want to be
able to send network traffic to multiple arbitrary interfaces connected
to the bridge.  I neither need nor want bridges when I want to keep
the VMs separated, like when separating a VM in a DMZ from a VM in the
LAN.

The bridge acts like a hub.  Looking at [1] makes it seem that this is
undesirable --- otherwise there wouldn't be a need for a software switch
to prevent network traffic on a bridge from going to all of the
connected interfaces.

When there's a bridge with multiple VMs connected to it, is a software
switch desirable to prevent network traffic on the bridge from going to
interfaces it doesn't need to go to?  If so, isn't it better not to use
a bridge to begin with?

Can't we simply have virtual interfaces on the physical host which are
the "other end" of the interfaces showing up in the VMs, without
bridges?

[2] seems to suggest leaving all bridges "dangling", i.e. it says
you're not supposed to connect an interface to the bridge.  What's the
point of a bridge when only a single interface is connected to it?


[1]: http://openvswitch.org/support/config-cookbooks/vlan-configuration-cookbook/

[2]: http://wiki.libvirt.org/page/Networking


-- 
Knowledge is volatile and fluid.  Software is power.