Re: [libvirt] Need review of new vswitch concept info for technical accuracy

On 10/16/2010 03:01 PM, Justin Clift wrote: In case of the NAT I would mention that it is setting up Masquerading (rather than SNAT / DNAT) which basically only allows the VM to establish connections to the outside but not the other way around. From the page: Routed mode Also commonly referred to as *bridging*. In this mode, the virtual switch is connected to the physical host LAN, passing guest network traffic back and forth without using NAT. In this mode, computers external to the host server directly address and communicate with guest virtual machines. Routing and bridging are different, the one working on l3, the other on l2. So I would not say that it is 'commonly referred to as bridging', since this is mixing different concepts. I suppose you describe the configuration where eth0 is plugged into the bridge virbr0. If yes, I would title the section as 'bridging' mode. Typically in this case the VMs pick up an address in the physical subnet from an infrastructure DHCP server and they can communicate towards the outside or be contacted from anywhere from the outside (assuming routable addresses). The addresses you are showing in the example picture 10.10.10.100 and 10.10.10.200 are typically 'private', thus will only be routed in the local network, but that's ok. However, there is this other mode libvirt is supporting where the VM's interfaces are plugged in virbr0, thus they do bridging when one VM communicates with another VM. However, the bridge can be given an IP address and when a VM wants to talk to another host or VM in the network (beyond the VM-hosting host), the packets 'escape' the bridge, are routed on the Linux host towards eth0 and then delivered to the other host in the local subnet. Now that is a mix between routing and bridging. Stefan