[CentOS-virt] Using STP in kvm bridges

Wed Sep 16 10:27:09 UTC 2015
Dennis Jacobfeuerborn <dennisml at conversis.de>

On 16.09.2015 12:18, C.L. Martinez wrote:
> On 09/16/2015 10:15 AM, Dmitry E. Mikhailov wrote:
>> On 09/16/2015 03:02 PM, C.L. Martinez wrote:
>>>   What advantages and disadvantages does it have?  If I want to install
>>> some kvm guests that use multicast addresses for certain services, is it
>>> recommended to enable STP?
>> STP has nothing to do with multicast as it's an Ethernet protocol.
>> It's developed to provide loop-free redundancy links to Ethernet-based
>> networks.
>> I can't imagine any legitimate use of STP within a virtualized environment
>> except when BOTH a) you don't trust the person who manages VMs (like in
>> VPS providing) AND b) you provide more than one network interface to the
>> virtual machine.
>> Otherwise STP can be used to prevent a traffic storm because of malicious
>> bridging of vNICs inside a VM.
>> Best regards,
>>      Dmitry Mikhailov
> Thanks Dmitry... Uhmm, but my case is: "b) you provide more than one
> network interface to the virtual machine". I have several kvm guests
> with 3 or more network interfaces ... In this case, do you recommend
> enabling STP?

You should always enable STP on a bridge unless you have a very specific
reason not to.
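
An added example, not part of the original thread: a host-side check that reports, for every Linux bridge, whether STP is enabled and how many ports (guest tap devices included) are attached, read from the kernel's `/sys/class/net/<bridge>/bridge/stp_state`. The bridge and port names in the sample tree are constructed for an offline run.

```shell
#!/bin/sh
# Added example: audit STP on every Linux bridge of a KVM host.
# /sys/class/net/<bridge>/bridge/stp_state: 0 = off, 1 = kernel STP,
# 2 = userspace STP daemon. Enslaved ports (guest taps too) are in brif/.

# audit_bridge_stp [NET_DIR]: one line per bridge; returns 1 if any has STP off.
audit_bridge_stp() {
    net_dir=${1:-/sys/class/net}
    rc=0
    for state_file in "$net_dir"/*/bridge/stp_state; do
        [ -r "$state_file" ] || continue   # no bridge: glob stays literal
        br_dir=${state_file%/bridge/stp_state}
        ports=0
        for p in "$br_dir"/brif/*; do
            if [ -e "$p" ]; then ports=$((ports + 1)); fi
        done
        case $(cat "$state_file") in
            0) stp=off; rc=1 ;;
            1) stp=kernel ;;
            2) stp=user ;;
            *) stp=unknown; rc=1 ;;
        esac
        echo "${br_dir##*/} stp=$stp ports=$ports"
    done
    return $rc
}

# make_sample_tree DIR: constructed sysfs-like layout (names are made up).
make_sample_tree() {
    mkdir -p "$1/br0/bridge" "$1/br0/brif/eth0" "$1/br0/brif/vnet0" \
             "$1/br0/brif/vnet1" "$1/virbr0/bridge" "$1/virbr0/brif/vnet2"
    echo 0 > "$1/br0/bridge/stp_state"
    echo 1 > "$1/virbr0/bridge/stp_state"
}

# Demo on the constructed tree; on a real host call audit_bridge_stp with no argument.
demo_dir=$(mktemp -d) && make_sample_tree "$demo_dir"
audit_bridge_stp "$demo_dir" || echo "at least one bridge has STP disabled"
rm -rf "$demo_dir"
```

A bridge reported as `stp=off` can be switched at runtime with `brctl stp <bridge> on`.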