5

Can a single physical interface act as “slave” for multiple bridge interfaces? For example, br0 and br1 would use eno1 physical.

I've got a KVM host with 4 physical NICs, each NIC assigned to a different VLAN (en0=vlan1, en1=vlan2, en2=vlan3, en3=vlan3).

What I want to achieve is:

  1. First NIC (en0): use for iLO and KVM host IPs (the NIC is shared on the HP server).

  2. Second NIC (en1): I would like to share it between three KVM VMs (so I'm not sure if I can use the same bridge or whether I need to create multiple bridges with a single slave, "en1").

  3. Third and fourth NICs: I will assign new bridge interfaces, as the VMs will be load balanced later.

2 Answers

2

No, it can't. My Linux box says:

    # brctl addbr br2
    # brctl addbr br3
    # brctl addif br2 enp8s0f0
    # brctl addif br3 enp8s0f0
    device enp8s0f0 is already a member of a bridge; can't enslave it to bridge br3.

And basically, how would you expect it to work?

If you are looking for traffic isolation between VMs, then VLANs are probably what you are looking for. The other idea would be to create host-only interfaces and do the routing on the host itself. But it still doesn't protect you from everything.

Tomek
  • 3,776
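The VLAN approach suggested in the answer above, as an added example that is not part of the original answer: it flags a physical port claimed by more than one bridge (the case the kernel rejected) and plans one 802.1Q sub-interface per bridge instead, printing the iproute2 commands rather than running them. The VLAN IDs 20 and 30 and the function names are assumptions, and the switch port is assumed to carry those VLANs tagged.

```python
"""Plan one bridge per VLAN sub-interface on a single physical NIC."""
from collections import defaultdict

IFNAMSIZ = 15  # Linux interface names hold at most 15 visible characters


def conflicting_ports(bridges):
    """Return {port: [bridges]} for every port claimed by more than one bridge."""
    owners = defaultdict(list)
    for bridge, ports in bridges.items():
        for port in ports:
            owners[port].append(bridge)
    return {p: sorted(b) for p, b in owners.items() if len(b) > 1}


def plan_vlan_bridges(parent, vlan_for_bridge):
    """Return iproute2 commands: one VLAN sub-interface of `parent` per bridge."""
    seen = {}
    cmds = [f"ip link set dev {parent} up"]
    for bridge, vid in sorted(vlan_for_bridge.items()):
        if not 1 <= vid <= 4094:
            raise ValueError(f"{bridge}: VLAN ID {vid} is outside 1-4094")
        if vid in seen:
            # Same VLAN twice means the same sub-interface in two bridges again.
            raise ValueError(f"VLAN {vid} used by both {seen[vid]} and {bridge}")
        seen[vid] = bridge
        sub = f"{parent}.{vid}"
        if len(sub) > IFNAMSIZ:
            raise ValueError(f"{sub}: name longer than {IFNAMSIZ} characters")
        cmds += [
            f"ip link add link {parent} name {sub} type vlan id {vid}",
            f"ip link add name {bridge} type bridge",
            f"ip link set dev {sub} master {bridge}",
            f"ip link set dev {sub} up",
            f"ip link set dev {bridge} up",
        ]
    return cmds


# Constructed input: the layout the answer tried with brctl.
WANTED = {"br2": ["enp8s0f0"], "br3": ["enp8s0f0"]}
# Assumed VLAN IDs, one per bridge.
VLANS = {"br2": 20, "br3": 30}

if __name__ == "__main__":
    for port, claimed_by in conflicting_ports(WANTED).items():
        print(f"# {port} is claimed by {claimed_by}; splitting it by VLAN instead")
        print("\n".join(plan_vlan_bridges(port, VLANS)))
```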
1

I believe you should be able to create multiple bridges to the same physical adapter. You would define the bridge in the same way: create a new bridge, but bridge it back to the same adapter...

However: this would not gain you any real advantages. A single bridge would still be preferable.

In your comments you mentioned security concerns about using the same bridged connection for multiple VMs, but at the end of the day, no matter how many times you bridge a single physical connection, it is still a single physical connection. Your security concerns would be the same with one bridge as they would be with, say, 7 bridges.

Gravy
  • 788