| 1 |
"J. Roeleveld" <joost@××××××××.org> writes: |
| 2 |
|
| 3 |
> On Monday, December 08, 2014 11:17:26 PM lee wrote: |
| 4 |
>> "J. Roeleveld" <joost@××××××××.org> writes: |
| 5 |
>> > create 1 bridge per physical network port |
| 6 |
>> > add the physical ports to the respective bridges |
| 7 |
>> |
| 8 |
>> That tends to make the ports disappear, i. e. become unusable, because |
| 9 |
>> the bridge swallows them. |
| 10 |
> |
| 11 |
> What do you mean with "unusable"? |
| 12 |
|
| 13 |
The bridge swallows the physical port, and the port becomes |
| 14 |
unreachable. IIRC, you can get around this by assigning an IP address |
| 15 |
to the bridge rather than to the physical port ... In any case, I'm |
| 16 |
finding bridges very confusing. |
| 17 |
|
| 18 |
>> > pass virtual NICs to the VMs which are part of the bridges. |
| 19 |
>> |
| 20 |
>> Doesn't that create more CPU load than passing the port? |
| 21 |
> |
| 22 |
> Do you have an IOMMU on the host? |
| 23 |
> I don't notice any significant increase in CPU-usage caused by the network |
| 24 |
> layer. |
| 25 |
|
| 26 |
Yes, and the kernel turns it off. Apparently it's expected to be more |
| 27 |
advantageous for some reason to use software emulation instead. |
| 28 |
|
| 29 |
>> And at some |
| 30 |
>> point, you may saturate the bandwidth of the port. |
| 31 |
> |
| 32 |
> And how is this different from assigning the network interface directly? |
| 33 |
|
| 34 |
With more physical ports, you have more bandwidth available. |
| 35 |
|
| 36 |
>> My switch supports bonding, which means I have a total of 4Gbit/s between the |
| 37 |
>> server and switch for all networks. (using VLANs) |
| 38 |
|
| 39 |
I don't know if mine does. |
| 40 |
|
| 41 |
>> > But it's your server, you decide on the complexity. |
| 42 |
>> > |
| 43 |
>> > I stopped passing physical NICs when I was encountering issues with newer |
| 44 |
>> > cards. |
| 45 |
>> > They are now resolved, but passing virtual interfaces is simpler and more |
| 46 |
>> > reliable. |
| 47 |
>> |
| 48 |
>> The only issue I have with passing the port is that the kernel module |
| 49 |
>> must not be loaded from the initrd image. So I don't see how fighting |
| 50 |
>> with the bridges would make things easier. |
| 51 |
> |
| 52 |
> Unless you are forced to use some really weird configuration utility for the |
| 53 |
> network, configuring a bridge and assiging the bridge in the xen-domain config |
| 54 |
> file is simpler then assigning physical network interfaces. |
| 55 |
|
| 56 |
Hm, how is that simpler? And how do you keep the traffic separated when |
| 57 |
everything goes over the same bridge? What about pppoe connections? |
| 58 |
|
| 59 |
|
| 60 |
-- |
| 61 |
Again we must be afraid of speaking of daemons for fear that daemons |
| 62 |
might swallow us. Finally, this fear has become reasonable. |
Archives