[CentOS-virt] Why are bridges required?

Tue Jun 3 07:45:14 UTC 2014
krad <kraduk at gmail.com>

Hi Lee

If you are to virtualize the network stack properly you need to do it all
the way down to layer 2. How do you connect multiple layer 2 devices
together? Well, a bridge, a switch being many bridges all in the one box.
Hubs are not relevant here as there is no physical medium. As Ilya said,
it is totally possible to have a 1:1 relationship between the VMs and host, i.e.
a dedicated bridge per VM, with its own IP network on it (/30 for IPv4, or /64
for IPv6). The host machine then does all the routing and/or NATting for
the guests.


On 3 June 2014 04:06, Ilya Ponetayev <instenet at gmail.com> wrote:

> You may create as many bridges as you want to have virtual interfaces,
> each bridge consisting only of a connection to a single VM, and handle traffic
> between bridges and between physical interfaces of the host through
> iptables/iproute.
>
> IMHO bridging is the most proper and popular technique because it provides
> the most flexible configuration. Your VM sees the NIC as an Ethernet card (so with
> all L2 features), so either you can terminate this L2 pipe with a bridge in the
> host, and perform L3/higher level handling, or you can use for example a DHCP
> server on the host bound to your bridge, or a VLAN-handling config.
>
>
> On 03.06.2014 06:25, lee wrote:
>
>> Hi,
>>
>> all the descriptions of networking setups with VMs I'm seeing involve
>> bridges.  The only use I see for bridges is when I actually want to be
>> able to send network traffic to multiple arbitrary interfaces connected
>> to the bridge.  I neither need nor want bridges when I want to keep
>> the VMs separated, like when separating a VM in a DMZ from a VM in the
>> LAN.
>>
>> The bridge acts like a hub.  Looking at [1] makes it seem that this is
>> undesirable --- otherwise there wouldn't be a need for a software switch
>> to prevent network traffic on a bridge from going to all of the
>> connected interfaces.
>>
>> When there's a bridge with multiple VMs connected to it, is a software
>> switch desirable to prevent network traffic on the bridge from going to
>> interfaces it doesn't need to go to?  If so, isn't it better not to use
>> a bridge to begin with?
>>
>> Can't we simply have virtual interfaces on the physical host which are
>> the "other end" of the interfaces showing up in the VMs, without
>> bridges?
>>
>> [2] seems to suggest leaving all bridges "dangling", i.e. it says
>> you're not supposed to connect an interface to the bridge.  What's the
>> point of a bridge when only a single interface is connected to it?
>>
>>
>> [1]: http://openvswitch.org/support/config-cookbooks/vlan-configuration-cookbook/
>>
>> [2]: http://wiki.libvirt.org/page/Networking
>>
>>
>>
>
> --
>
> Sincerely yours, Ilya Ponetayev <instenet at gmail.com>
>
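The one-bridge-per-VM layout from the reply above (a dedicated bridge per guest with its own /30 or /64, the host routing and NATting), worked through as an added example that is not from the thread: it carves per-VM subnets out of a pool and emits the host-side ip/iptables commands, with forwarding allowed only between each guest's bridge and the uplink so guests on separate bridges stay isolated. The 10.99.0.0/24 and fd00:99::/48 pools, the `br-<name>` bridge names and the `eth0` uplink are constructed assumptions; the commands are generated as strings, not executed.

```python
"""Per-VM bridge plan: one bridge per guest, each carrying its own point-to-point
subnet, with the host doing routing/NAT. Pools, bridge names and uplink are
constructed assumptions for this example."""
import ipaddress
from itertools import islice

UPLINK = "eth0"                                   # assumed physical interface
V4_POOL = ipaddress.ip_network("10.99.0.0/24")    # constructed pool, cut into /30s
V6_POOL = ipaddress.ip_network("fd00:99::/48")    # constructed pool, cut into /64s


def plan_vm(index, name, pool=V4_POOL):
    """Allocate the index-th /30 (IPv4) or /64 (IPv6) of the pool to guest `name`.
    Host takes the first usable address, the guest the second."""
    new_prefix = 30 if pool.version == 4 else 64
    subnet = next(islice(pool.subnets(new_prefix=new_prefix), index, None))
    return {"bridge": f"br-{name}", "subnet": subnet,
            "host_ip": subnet[1], "guest_ip": subnet[2]}


def global_commands():
    """Host-wide setup: enable forwarding and drop forwarded traffic by default,
    so nothing crosses between bridges unless a per-bridge rule allows it."""
    return ["sysctl -w net.ipv4.ip_forward=1",
            "iptables -P FORWARD DROP"]


def host_commands(plan):
    """Host-side commands for one guest: a bridge whose only member will be the
    guest's tap, the host address on it, NAT out the uplink, and forwarding
    restricted to bridge<->uplink (replies only on the way back in)."""
    br, sub, hip = plan["bridge"], plan["subnet"], plan["host_ip"]
    return [
        f"ip link add {br} type bridge",
        f"ip addr add {hip}/{sub.prefixlen} dev {br}",
        f"ip link set {br} up",
        f"iptables -t nat -A POSTROUTING -s {sub} -o {UPLINK} -j MASQUERADE",
        f"iptables -A FORWARD -i {br} -o {UPLINK} -j ACCEPT",
        f"iptables -A FORWARD -i {UPLINK} -o {br} "
        "-m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]


def guest_commands(plan):
    """What the guest configures on its own NIC: the second address and a
    default route via the host end of the /30 (or /64)."""
    return [f"ip addr add {plan['guest_ip']}/{plan['subnet'].prefixlen} dev eth0",
            f"ip route add default via {plan['host_ip']}"]


if __name__ == "__main__":
    for line in global_commands():
        print(line)
    for i, vm in enumerate(["dmz", "lan"]):
        for line in host_commands(plan_vm(i, vm)):
            print(line)
```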