[CentOS] oops, or how to bring a datacenter router down with one setting

Gordon Messmer yinyang at eburg.com
Tue Feb 14 00:11:26 UTC 2012


On 02/10/2012 05:54 AM, Bob Hoffman wrote:
> Yea, I gave up on bonding, ended up just using eth1. But every tutorial
> I found had added eth0 and eth1 as interfaces to br0, thus sharing the
> bridge so to speak.

Those tutorials were documenting the manner in which you can set up a 
transparent Linux firewall.  That's not what you want to do with a KVM 
server.

Creating an Ethernet bridge and adding two interfaces to it effectively 
makes a Linux host into a two-port switch with firewalling.

If you connect multiple ports from one switch to ports on a second 
switch (two bridged Linux Ethernet ports to a switch) you create a 
switch loop.  Switch loops will endlessly replay broadcast traffic (such 
as ARP), creating a broadcast storm.

Yes, that can consume all of a router's CPU cycles quite easily.  That 
is why data centers should always run spanning tree on their switches. 
STP will shut off ports that get looped.
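
The following is an added example, not part of the original post: a host-side check that flags any Linux bridge with more than one physical NIC enslaved while the bridge's own STP is off, which is the two-port-switch situation described in the message. The function name and the optional sysfs root argument are assumptions made for the example; counting only ports that expose a `device` link is a heuristic and will not count bonds or VLAN sub-interfaces.

```shell
#!/bin/sh
# Added example (not from the original post).
# Lists bridges that have >1 physical NIC as ports while STP is disabled.
# $1 (optional, assumption for testing): sysfs net root, default /sys/class/net.
# Prints "<bridge> <physical_port_count> <stp_state>" per risky bridge.
# Returns 1 if at least one risky bridge was found, 0 otherwise.
find_loop_prone_bridges() {
    sysfs_net="${1:-/sys/class/net}"
    risky=0
    for brdir in "$sysfs_net"/*/bridge; do
        [ -d "$brdir" ] || continue            # glob matched nothing
        br_path="${brdir%/bridge}"
        br="${br_path##*/}"
        phys=0
        for port in "$br_path"/brif/*; do
            [ -e "$port" ] || continue         # bridge has no ports
            ifname="${port##*/}"
            # Physical NICs expose a "device" link; tap/vnet ports do not.
            if [ -e "$sysfs_net/$ifname/device" ]; then
                phys=$((phys + 1))
            fi
        done
        # stp_state: 0 = off, 1 = kernel STP, 2 = user-space STP
        stp=$(cat "$brdir/stp_state" 2>/dev/null || echo 0)
        if [ "$phys" -gt 1 ] && [ "$stp" = "0" ]; then
            echo "$br $phys $stp"
            risky=1
        fi
    done
    return "$risky"
}

# Usage on a KVM host:
#   find_loop_prone_bridges || echo "bridge(s) above can loop the upstream switch"
```
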


