| 1 |
thegeezer <thegeezer@×××××××××.net> writes: |
| 2 |
|
| 3 |
> On 08/12/14 22:17, lee wrote: |
| 4 |
>> "J. Roeleveld" <joost@××××××××.org> writes: |
| 5 |
>> |
| 6 |
>>> create 1 bridge per physical network port |
| 7 |
>>> add the physical ports to the respective bridges |
| 8 |
>> That tends to make the ports disappear, i. e. become unusable, because |
| 9 |
>> the bridge swallows them. |
| 10 |
> and if you pass the device then it becomes unusable to the host |
| 11 |
|
| 12 |
The VM uses it instead, which is what I wanted :) |
| 13 |
|
| 14 |
>>> pass virtual NICs to the VMs which are part of the bridges. |
| 15 |
>> Doesn't that create more CPU load than passing the port? And at some |
| 16 |
>> point, you may saturate the bandwidth of the port. |
| 17 |
> |
| 18 |
> some forward planning is needed. obviously if you have two file servers |
| 19 |
> using the same bridge and that bridge only has one physical port and the |
| 20 |
> SAN is not part of the host then you might run into trouble. however, |
| 21 |
> you can use bonding in various ways to group connections -- and in this |
| 22 |
> way you can have a virtual nic that actually has 2x 1GB bonded devices, |
| 23 |
> or if you choose to upgrade at a later stage you can start putting in |
| 24 |
> 10GbE cards and the virtual machine sees nothing different, just access |
| 25 |
> is faster. |
| 26 |
> on the flip side you can have four or more relatively low bandwidth |
| 27 |
> requirement virtual machines running on the same host through the same |
| 28 |
> single physical port |
| 29 |
> think of the bridge as an "internal, virtual, network switch"... you |
| 30 |
> wouldn't load up a switch with 47 high bandwidth requirement servers and |
| 31 |
> then create a single uplink to the SAN / other network without seriously |
| 32 |
> considering bonding or partitioning in some way to reduce the 47into1 |
| 33 |
> bottleneck, and the same is true of the virtual-switch (bridge) |
| 34 |
> |
| 35 |
> the difference is that you need to physically be there to repatch |
| 36 |
> connections or to add a new switch when you run out of ports. these |
| 37 |
> limitations are largely overcome. |
| 38 |
|
| 39 |
That all makes sense; my situation is different, though. I plugged a |
| 40 |
dual port card into the server and wanted to use one of the ports for |
| 41 |
another internet connection and the other one for a separate network, |
| 42 |
with firewalling and routing in between. You can't keep the traffic |
| 43 |
separate when it all goes over the same bridge, can you? |
| 44 |
|
| 45 |
And the file server could get it's own physical port --- not because |
| 46 |
it's really needed but because it's possible. I could plug in another |
| 47 |
dual-port card for that and experiment with bonding. |
| 48 |
|
| 49 |
However, I've changed plans and intend to use a workstation as a hybrid |
| 50 |
system to reduce power consumption and noise, and such a setup has other |
| 51 |
advantages, too. I'll put Gentoo on it and probably use containers for |
| 52 |
the VMs. Then I can still use the server for experiments and/or run |
| 53 |
distcc on it when I want to. |
| 54 |
|
| 55 |
>> The only issue I have with passing the port is that the kernel module |
| 56 |
>> must not be loaded from the initrd image. So I don't see how fighting |
| 57 |
>> with the bridges would make things easier. |
| 58 |
>> |
| 59 |
>> |
| 60 |
> |
| 61 |
> vif=[ 'mac=de:ad:be:ef:00:01,bridge=br0' ] |
| 62 |
> |
| 63 |
> am i missing where the fight is ? |
| 64 |
|
| 65 |
setting up the bridges |
| 66 |
|
| 67 |
no documentation about in which order a VM will see the devices |
| 68 |
|
| 69 |
a handful of bridges and VMs |
| 70 |
|
| 71 |
a firewall/router VM with it's passed-through port for pppoe and three |
| 72 |
bridges |
| 73 |
|
| 74 |
the xen documentation being an awful mess |
| 75 |
|
| 76 |
an awful lot of complexity required |
| 77 |
|
| 78 |
|
| 79 |
Guess what, I still haven't found out how to actually back up and |
| 80 |
restore a VM residing in an LVM volume. I find it annoying that LVM |
| 81 |
doesn't have any way of actually copying a LV. It could be so easy if |
| 82 |
you could just do something like 'lvcopy lv_source |
| 83 |
other_host:/backups/lv_source_backup' and 'lvrestore |
| 84 |
other_host:/backups/lv_source_backup vg_target/lv_source' --- or store |
| 85 |
the copy of the LV in a local file somewhere. |
| 86 |
|
| 87 |
Just why can't you? ZFS apparently can do such things --- yet what's |
| 88 |
the difference in performance of ZFS compared to hardware raid? |
| 89 |
Software raid with MD makes for quite a slowdown. |
| 90 |
|
| 91 |
> the only issue with bridges is that if eth0 is in the bridge, if you try |
| 92 |
> to use eth0 directly with for example an IP address things go a bit |
| 93 |
> weird, so you have to use br0 instead |
| 94 |
> so don't do that. |
| 95 |
|
| 96 |
Yes, it's very confusing. |
| 97 |
|
| 98 |
> perhaps you don't need a full bridge and you might just prefer to lookup |
| 99 |
> macvlan instead. |
| 100 |
> this lets you create a new virtual device that behaves much more like a |
| 101 |
> secondary nic |
| 102 |
> e.g. in /etc/conf.d/net |
| 103 |
> |
| 104 |
> macvlan_xenguest1="eth0" |
| 105 |
> mode_xenguest1="private" |
| 106 |
> mac_xenguest1="de:ad:be:ef:00:01" |
| 107 |
> config_xenguest1="192.168.1.12/24" |
| 108 |
> routes_xenguest1="default via 192.168.1.1" |
| 109 |
> modules_xenguest1="!ifplugd" |
| 110 |
> |
| 111 |
> you can then |
| 112 |
> /etc/init.d/net.xenguest1 start |
| 113 |
> |
| 114 |
> i'm not big into xen but i believe you should be able to pass this as a |
| 115 |
> "physical" device to xen and it then comes out on network interface eth0 |
| 116 |
> this way you get to keep your port without it being eaten by the bridge |
| 117 |
> do let me know if this works with xen i'll add it to my toolbox |
| 118 |
|
| 119 |
Hmm, and where's the other end of it? Some physical port? So it's like |
| 120 |
plugging in several virtual cables into the same physical port, with a |
| 121 |
built-in firewall and router? |
| 122 |
|
| 123 |
|
| 124 |
-- |
| 125 |
Again we must be afraid of speaking of daemons for fear that daemons |
| 126 |
might swallow us. Finally, this fear has become reasonable. |
Archives