"J. Roeleveld" <jo...@antarean.org> writes: > On Monday, December 08, 2014 11:17:26 PM lee wrote: >> "J. Roeleveld" <jo...@antarean.org> writes: >> > create 1 bridge per physical network port >> > add the physical ports to the respective bridges >> >> That tends to make the ports disappear, i. e. become unusable, because >> the bridge swallows them. > > What do you mean with "unusable"?
The bridge swallows the physical port, and the port becomes unreachable. IIRC, you can get around this by assigning an IP address to the bridge rather than to the physical port ...

In any case, I'm finding bridges very confusing.

>> > pass virtual NICs to the VMs which are part of the bridges.
>>
>> Doesn't that create more CPU load than passing the port?
>
> Do you have an IOMMU on the host?
> I don't notice any significant increase in CPU-usage caused by the network
> layer.

Yes, and the kernel turns it off. Apparently it's expected to be more advantageous for some reason to use software emulation instead.

>> And at some
>> point, you may saturate the bandwidth of the port.
>
> And how is this different from assigning the network interface directly?

With more physical ports, you have more bandwidth available.

>> My switch supports bonding, which means I have a total of 4Gbit/s between the
>> server and switch for all networks. (using VLANs)

I don't know if mine does.

>> > But it's your server, you decide on the complexity.
>> >
>> > I stopped passing physical NICs when I was encountering issues with newer
>> > cards.
>> > They are now resolved, but passing virtual interfaces is simpler and more
>> > reliable.
>>
>> The only issue I have with passing the port is that the kernel module
>> must not be loaded from the initrd image. So I don't see how fighting
>> with the bridges would make things easier.
>
> Unless you are forced to use some really weird configuration utility for the
> network, configuring a bridge and assigning the bridge in the xen-domain config
> file is simpler than assigning physical network interfaces.

Hm, how is that simpler? And how do you keep the traffic separated when everything goes over the same bridge? What about pppoe connections?

--
Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.