On 11/25/2015 07:18 AM, Sergio Belkin wrote:
> Are you talking bearing in mind VirtualBox?
Actually, no. I'd either missed that detail or forgotten it by that
time in the conversation. This might be the wrong list for VirtualBox
questions, since it's not distributed with CentOS. I've worked with
VirtualBox only a little bit, and I'm not sure what you're trying to do
is possible. I think it is, but I can only really describe how to
accomplish what you're trying to do with respect to libvirt/KVM (the
virtualization platform that's distributed with CentOS).
Anyway, the first thing you'd want to do is create a bridge interface
with no slaves, and then create two VMs. They should be attached to
that bridge device. (In virtualbox you might be able to do that with
"bridged networking" to br0, or you might be able to skip the virt host
bridge and use "internal networking". Try the former first.) The two
VMs will not be attached to the real network, but should be able to
reach each other. Now your topology looks like this:
---| Network |---| (eth0)-VM Host-(br0) |--+| (eth0)-VM1 |
\| (eth0)-VM2 |
...your virtualization host is connected to the real network on eth0.
The two VMs are attached to its br0 interface. They each have one
"ethernet" interface and can communicate with each other.
Once you've set that up and verified that it works, set up a new bridge
interface, br1. Move the IP configuration from eth0 to br1, and make
eth0 a slave of br1. Make sure the virtualization host has network
connectivity. Your network topology looks exactly like it did before,
except that the virt host uses br1 (with eth0 as a slave) to connect to
the real network.
---| Network |---| (br1)-VM Host-(br0) |--+| (eth0)-VM1 |
\| (eth0)-VM2 |
Next, you can add a second interface to VM1. This one will be connected
to br1. (again, in virtualbox, you might be able to do this with
bridged networking.) Give VM1's new interface (it's eth1) an IP
configuration appropriate for your real network, and verify that it has
full internet connectivity. Now your network looks like this:
/------------------| (eth1)\
---| Network |---| (br1)-VM Host-(br0) |--+| (eth0)-VM1 |
\| (eth0)-VM2 |
So, now VM2 can reach VM1, but not the real network, and VM1 can reach
the real network.
Finally, you'll create a bridge interface in VM1, and make both of its
"ethernet" interfaces slaves. Move its IP configuration from eth1 to
its new br0, and drop the IP configuration from eth0. This will give
VM2 connectivity to the real network, so update its IP configuration to
be compatible with the real network. Now your network looks like this:
/------------------| (eth1)\
---| Network |---| (br1)-VM Host-(br0) |--+| (eth0)-(br0)-VM1 |
\| (eth0)-VM2 |
When VM2 transmits a packet, it will be sent out VM2-eth0, across VM
Host br0 to VM1-eth0, across VM1-br0 to VM Host-br1, to the real network.
And most importantly, no bridge connects two interfaces to the same
broadcast domain. VM Host's br0 creates a collision domain spanning the
two VMs. VM Host's br1 creates a collision domain spanning the physical
network and VM1's eth1 interface. And VM1's br0 bridges those two
collision domains. No loops.
I don't know what performance will look like under VirtualBox, since I
don't use it for this sort of thing. However, under KVM/libvirt,
performance should be fairly good.