
Re: [Xen-users] Bridge vs. Route configuration?




> In Xen, by default the domains are configured to use bridge (with
> network-bridge script). But there is network-route, and this option
> also allows us to connect domains.
>
> But I don't see what the advantage of Route config over Bridge is. In
> which case should we use Route method instead?

Bridging is perfectly fine in many cases, but when you have an untrusted DomU, routing can be preferable.

Routing establishes a healthy level of distrust to your network stack.

- Do I trust dom01 not to assign itself IPs assigned to dom02?
- Do I want a firewall between dom01 and dom02 ?
- Do I want dom01's web access sent to a transparent proxy, but not dom02's web access?

These are questions that can be solved by routing. Finally, I should note that bridges aren't completely lost in terms of security; ebtables is far from useless, but it isn't as flexible as routing.

--
Eric Windisch

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
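
The three questions in the reply above, written out as dom0 iptables rules for a routed setup. This is an added example, not part of the original post: the interface names (vif1.0, vif2.0), the addresses, and the proxy port 3128 are assumptions, as is the premise that guests use static addresses and that no earlier ACCEPT rule in these chains already matches the same traffic.

```shell
#!/bin/sh
# Added example: emit dom0 iptables rules for a routed (network-route) Xen host.
# Interface names, addresses and the proxy port are constructed for illustration.

# guest_rules VIF IP PROXY_PORT
#   VIF         dom0-side interface of the guest (e.g. vif1.0)
#   IP          the only source address the guest is allowed to use
#   PROXY_PORT  port of a transparent proxy running in dom0, or "none"
guest_rules() {
    vif=$1 ip=$2 proxy=$3
    # Anti-spoofing: anything arriving on this vif with another source IP is
    # dropped, whether it is routed onward (FORWARD) or aimed at dom0 (INPUT).
    echo "iptables -A FORWARD -i $vif ! -s $ip -j DROP"
    echo "iptables -A INPUT -i $vif ! -s $ip -j DROP"
    # Per-guest transparent proxy: only this guest's port-80 traffic is redirected.
    if [ "$proxy" != "none" ]; then
        echo "iptables -t nat -A PREROUTING -i $vif -p tcp --dport 80 -j REDIRECT --to-ports $proxy"
    fi
}

# isolate_rules VIF_A VIF_B: firewall between two guests, both directions.
isolate_rules() {
    echo "iptables -A FORWARD -i $1 -o $2 -j DROP"
    echo "iptables -A FORWARD -i $2 -o $1 -j DROP"
}

# The policy from the three questions, for two hypothetical guests.
policy() {
    guest_rules vif1.0 10.0.0.11 3128   # dom01: pinned IP, web via proxy
    guest_rules vif2.0 10.0.0.12 none   # dom02: pinned IP, direct web access
    isolate_rules vif1.0 vif2.0         # no traffic between dom01 and dom02
}

# Prints the rules for review; pipe the output to sh as root in dom0 to apply.
policy
```

Because each guest has its own routed interface in dom0, every rule can match on `-i vifN.M`, which is what makes the per-guest policy straightforward.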


 

