Re: macvtap with disconnected physical interface

I generally use plain bridge for my KVM setup. Specifically, when using VLANs I setup the following: eth -> eth.xx -> bridge -> vnet This time, however, I need *both* a trunk-enabled VM (a virtual firewall) and other segregated virtual machines. A "plain" bridge setup would be something as: eth -> bridge -> bridge.xx -> bridge -> vnet Notice the two bridges, needed because bridge.xx is a VLAN interface when no vnet can be directly attached. To avoid the double bridges, I tried the following: eth -> bridge -> bridge.xx -> macvtap It seems to work very well but, during testing, I discovered that if the interface under the macvtap one (in this case the bridge itself) goes down, inter-guest networking is lost. As a side note, in the specific scenario I described above, such issues can not really happen: as a vnet interface is going to be always bound to the first bridge, it will be *always* up due to the vnet interface itself being always up (irrespective of the physical link status) and forcing the bridge up. However, working so well, I thought to change my classical bridge setup with a macvtap based one even for simpler installation. In short, going from: eth -> bridge -> vnet to: eth -> macvtap But this very simple setup is going deny all guest traffic should the physical interface become disconnected. A very crude solution would be to issues "ip link set macvtap0 protodown off" when the physical link goes down, but I wonder if a better solution exists. That said, is replacing classical bridges with macvtap interfaces a bad idea? Anything I should know before doing that? Regards.