In RHV, is there any communication between ethernet ports in different bridges within the same hypervisor?
Environment
- Red Hat Enterprise Linux 6.x
- Red Hat Enterprise Linux 7.x
- Red Hat Virtualization
Issue
- Is there any communication between ethernet ports in different bridges within the same physical box in a hypervisor environment?
Resolution
Short answer: no communication, they are isolated by default in RHEV Hypervisors.
Long answer: since the ethernet ports are in different bridges, there is no communication by default, unless:
1) IP routing was manually enabled and rules that could mix traffic exist - default is disabled (0 = disabled, 1 = enabled)
# cat /proc/sys/net/ipv4/ip_forward
0
2) NAT has some rules that might affect the traffic - default is empty/no rules, as shown below
# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3) Some common device connecting the bridges was manually configured - not by default, very unlikely.
Some more exotic configs, like a macvlan pair based on a common dummy interface, might do that.
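Checks 1) and 2) above as a small script, added here as an example and not part of the original Red Hat solution: it reads the ip_forward value and counts rules in `iptables -nvL -t nat` output. The function names and the sample NAT listing are constructed for illustration; check 3) (a common device joining the bridges) is not covered.

```shell
#!/bin/sh
# Added example (not Red Hat's code): audit the two defaults that keep
# bridges on one hypervisor isolated: ip_forward=0 and an empty nat table.

# Return 0 (true) if the given ip_forward file holds 1 (routing enabled).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Read `iptables -nvL -t nat` output on stdin and print the number of rules.
# "Chain ..." lines, the "pkts bytes ..." column header and blank lines
# are not rules; every other line is one rule.
nat_rule_count() {
    awk '$1 == "Chain" || $1 == "pkts" || NF == 0 { next }
         { n++ } END { print n + 0 }'
}

# Print one finding per line; empty output means both defaults are intact.
# $1 = ip_forward file, stdin = `iptables -nvL -t nat` output.
bridge_isolation_findings() {
    if forwarding_enabled "$1"; then
        echo "ip_forward=1: the host can route between bridge networks"
    fi
    rules=$(nat_rule_count)
    if [ "$rules" -gt 0 ]; then
        echo "nat table has $rules rule(s): review them for cross-bridge traffic"
    fi
    return 0
}

# On a hypervisor, as root:
#   iptables -nvL -t nat | bridge_isolation_findings /proc/sys/net/ipv4/ip_forward

# Constructed sample (not from the page): a nat table holding one rule.
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 MASQUERADE  all  --  *      eth1    192.0.2.0/24         0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination'
```

A finding here means the default isolation can no longer be assumed, not that traffic is actually crossing bridges; the rules themselves still need to be read.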
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.