[CentOS-virt] Why are bridges required?

Tue Jun 3 03:06:53 UTC 2014
Ilya Ponetayev <instenet at gmail.com>

You may create as many bridges as you want to have virtual interfaces, 
each bridge consisting only of a connection to a single VM, and handle 
traffic between bridges and between physical interfaces of the host through 
iptables/iproute.

IMHO bridging is the most proper and popular technique because it 
provides the most flexible configuration. Your VM sees the NIC as an Ethernet 
card (so with all L2 features), so either you can terminate this L2 pipe 
with a bridge in the host, and perform L3/higher level handling, or you can 
use, for example, a DHCP server on the host bound to your bridge, or a 
VLAN-handling config.

On 03.06.2014 06:25, lee wrote:
> Hi,
>
> all the descriptions of networking setups with VMs I'm seeing involve
> bridges.  The only use I see for bridges is when I actually want to be
> able to send network traffic to multiple arbitrary interfaces connected
> to the bridge.  I neither need nor want bridges when I want to keep
> the VMs separated, like when separating a VM in a DMZ from a VM in the
> LAN.
>
> The bridge acts like a hub.  Looking at [1] makes it seem that this is
> undesirable --- otherwise there wouldn't be a need for a software switch
> to prevent network traffic on a bridge from going to all of the
> connected interfaces.
>
> When there's a bridge with multiple VMs connected to it, is a software
> switch desirable to prevent network traffic on the bridge from going to
> interfaces it doesn't need to go to?  If so, isn't it better not to use
> a bridge to begin with?
>
> Can't we simply have virtual interfaces on the physical host which are
> the "other end" of the interfaces showing up in the VMs, without
> bridges?
>
> [2] seems to suggest to leave all bridges "dangling", i.e. it says
> you're not supposed to connect an interface to the bridge.  What's the
> point of a bridge when only a single interface is connected to it?
>
>
> [1]:
> http://openvswitch.org/support/config-cookbooks/vlan-configuration-cookbook/
>
> [2]: http://wiki.libvirt.org/page/Networking
>
>


-- 

Sincerely yours, Ilya Ponetayev <instenet at gmail.com>
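
The layout described in the reply above (one bridge per VM, with the host routing and filtering between the bridges), as an added example that is not part of the original message. Bridge names, tap names and addresses are constructed, and it assumes each VM's tap device already exists on the host.

```shell
#!/bin/sh
# Added example: one bridge per VM, routed and filtered on the host.
# All names and addresses are constructed for illustration.
# Format per line: bridge  vm-tap-device  host-address-on-bridge
SEGMENTS="br-dmz vnet-dmz 192.0.2.1/24
br-lan vnet-lan 198.51.100.1/24"

# Print the commands for the whole setup; nothing is executed here.
plan() {
    # The host routes between the bridges, so forwarding must be on.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default-deny: no traffic crosses from one bridge to another
    # unless a rule below allows it.
    echo "iptables -P FORWARD DROP"
    echo "$SEGMENTS" | while read -r br tap addr; do
        echo "ip link add name $br type bridge"
        echo "ip addr add $addr dev $br"
        echo "ip link set $br up"
        # Exactly one port per bridge: the VM's tap device (assumed
        # to exist already, e.g. because the VM is running).
        echo "ip link set $tap master $br"
    done
    # The LAN may open connections into the DMZ ...
    echo "iptables -A FORWARD -i br-lan -o br-dmz -j ACCEPT"
    # ... the DMZ may only answer them, never initiate toward the LAN.
    echo "iptables -A FORWARD -i br-dmz -o br-lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Number of ports the plan attaches to the given bridge.
ports_on() {
    plan | grep -c " master $1\$"
}

# Dry run by default; APPLY=1 (as root) executes the plan line by line.
if [ "${APPLY:-0}" = "1" ]; then
    plan | sh -e
else
    plan
fi
```

Because each bridge has a single port, no frame is ever switched between VMs at L2; every packet between the DMZ and the LAN is routed by the host and passes the FORWARD chain.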
