| 1 |
On Sunday, December 07, 2014 11:43:38 PM lee wrote: |
| 2 |
> "J. Roeleveld" <joost@××××××××.org> writes: |
| 3 |
> > On Thursday, December 04, 2014 07:11:12 PM lee wrote: |
| 4 |
> >> > Why is the networking complicated? Do you use bridging? |
| 5 |
> >> |
| 6 |
> >> Yes --- and it was terrible to begin with and still is very complicated. |
| 7 |
> >> One of the VMs has a network card passed through to do pppoe for the |
| 8 |
> >> internet connection, and it also does routing and firewalling. The |
| 9 |
> >> Gentoo VM is supposed to have another network card passed through |
| 10 |
> >> because I want a separate network for miscellaneous devices like IP |
| 11 |
> >> phones and printers. Asterisk is going to run on the Gentoo VM. |
| 12 |
> > |
| 13 |
> > This sounds convoluted. Why add to the complexity by adding multiple |
| 14 |
> > network cards into the machine and pass the physical cards? |
| 15 |
> |
| 16 |
> How else do you do pppoe and keep the different networks physically |
| 17 |
> seperated? |
| 18 |
|
| 19 |
Networks that need to be physically seperated, require either of: |
| 20 |
1) seperate NICs |
| 21 |
2) VLANs |
| 22 |
|
| 23 |
My comment about the complexity, however, was related to passing physical |
| 24 |
cards to the VMs instead of adding the cards to seperate bridges inside the |
| 25 |
host and using virtual NICs. |
| 26 |
|
| 27 |
> >> Besides devices, there's the usual net, dmz and loc zones. To top it |
| 28 |
> >> off, sooner or later I want to pass another network card to the |
| 29 |
> >> firewall/router because I have an internet connection which is currently |
| 30 |
> >> not in use and should be employed as an automatic fallback. |
| 31 |
> > |
| 32 |
> > How many cards are you planning on having in the machine? |
| 33 |
> > Are all these connected to the same switch? |
| 34 |
> |
| 35 |
> It has currently four network ports. Only one of them is connected to |
| 36 |
> the switch. Another one is connected to the pppoe line, and the other |
| 37 |
> two (on a dual card) aren't connected yet. |
| 38 |
> |
| 39 |
> I plan to use one for the devices network and the other one for the |
| 40 |
> second internet connection. None of them needs to/should be connected |
| 41 |
> to the switch. The VM running asterisk will need a second interface |
| 42 |
> that connects to a bridge so it can reach the router/firewall. The |
| 43 |
> interface for the second internet connection needs to be passed to the |
| 44 |
> router/firewall. |
| 45 |
> |
| 46 |
> Can you think of an easier setup? |
| 47 |
|
| 48 |
create 1 bridge per physical network port |
| 49 |
add the physical ports to the respective bridges |
| 50 |
|
| 51 |
pass virtual NICs to the VMs which are part of the bridges. |
| 52 |
|
| 53 |
But it's your server, you decide on the complexity. |
| 54 |
|
| 55 |
I stopped passing physical NICs when I was encountering issues with newer |
| 56 |
cards. |
| 57 |
They are now resolved, but passing virtual interfaces is simpler and more |
| 58 |
reliable. |
| 59 |
|
| 60 |
-- |
| 61 |
Joost |
| 62 |
|
| 63 |
-- |
| 64 |
Joost |
Archives