[PVE-User] R: more subnet on same bridge

[Marco Vaschetto]

-----Messaggio originale-----
Da: Flavio Stanchina [mailto:flavio.stanchina at ies.it] 
Inviato: giovedì 29 marzo 2012 13:01
A: Marco Vaschetto
Cc: pve-user at pve.proxmox.com
Oggetto: Re: [PVE-User] more subnet on same bridge

Marco Vaschetto wrote:
> anybody have try to configure different subnet on the same bridge 
> between two node?
>
> For example,
>
> on the two server node vmbr1 is setup without any ip and is working
>
> VM 1 - IP 192.168.0.1 - server node A
> VM2 - IP 192.168.0.2 - server node B
> VM3 - IP 172.16.0.1 - server node A
> VM4 - IP 172.16.0.2 - server node B
>
> All VM's the virtual ETH setup with on vmbr1.
>
> I think this will work fine, [...]

Should work just fine if the rest of your network is properly set up, but it's not very useful because the node administrator(s) -- or a bad guy that breaks into the node(s) -- can easily reconfigure the network interfaces as they please. If you're doing this to partition the network for security reasons, set up another vmbr interface on a separate VLAN.

-- 
Flavio Stanchina
Informatica e Servizi
Trento - Italy

Thank's for feedback,
 I'm not do this for security porpouse and yes is all properly configured
 the vmbr is already configure in a standalone vlan, what I try is use that vmbr like a distributed switch I have think this way for do it;
aboute the security trought the different subnet I should think a "nice" configuration of iptables on nodes;
if you are intrested or have some suggestion to give me will really helpful.

Regards Marco Vaschetto