
vminthesky 01-15-2013 01:14 AM

Virtual networks, bridges, and routing, oh my.
I'm having a little trouble visualizing all of the steps that I need to take to get the desired network topology. Any help would be appreciated.

My desired topology is as follows:

    wlan0                          |
LAN---|            vm-mon          |
      |          ________          |
    eth0        veth0  veth1  vms  |
      |          |_______|        |

So we have a physical machine, vm-host, with two physical interfaces, wlan0 and eth0. wlan0 supplies a connection directly to vm-host, whereas eth0 is forwarded directly through br0 to vm-mon, a virtual machine that monitors traffic as it proceeds to the virtual LAN of virtual machines.

So the main points of discussion (assuming I am approaching it properly) are:
  1. configure br0 to forward all traffic between eth0 and veth0
  2. configure vm-mon to pass traffic between veth0 and veth1, after analyzing/filtering it (IDPS style)
  3. configuring a virtual LAN for additional virtual machines, preferably on the same subnet as the physical LAN

Thanks in advance for any and all comments.

vminthesky 01-19-2013 10:39 PM

Dig enough, and you will get your answers. I'm posting a response with the results, since no one posted a response to me.

Used a bridge on the host with a tap device to connect to the ethernet of vm-mon.

vm-mon has a bridge between its ethernet and a tap. It has a vde_switch attached to that tap.

Host has a vde_switch connected to each qemu vm using -net vde.

The two vde_switches are remotely connected to one another using dpipe, giving the setup described in the first post.

There might be a more elegant solution, but that's what I came up with.
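
The setup described in the post above, written out as an added example that is not part of the original thread. It prints the commands per machine rather than running them; the names tap0, tap1 and br1, both socket paths, the SSH login used for the dpipe link and the guest MAC address are assumptions.

```shell
#!/bin/sh
# Added example: prints the commands for the topology in the posts above.
# Constructed names (not from the thread): tap0, tap1, br1, both socket
# paths, the SSH login, and the guest MAC address.
HOST_SOCK=/tmp/vde-host.ctl   # host vde_switch that the guest VMs plug into
MON_SOCK=/tmp/vde-mon.ctl     # vde_switch running inside vm-mon
MON_SSH=root@vm-mon           # assumed management login on vm-mon

h() { echo "host\$ $*"; }     # command to run on vm-host
m() { echo "vm-mon\$ $*"; }   # command to run inside vm-mon

# Host bridge br0: eth0 plus tap0, where tap0 backs vm-mon's ethernet.
host_bridge() {
    h ip tuntap add dev tap0 mode tap
    h ip link add name br0 type bridge
    for i in eth0 tap0; do h ip link set "$i" master br0; done
    for i in eth0 tap0 br0; do h ip link set "$i" up; done
}

# Inside vm-mon: br1 joins the guest ethernet and tap1, and a vde_switch is
# attached to tap1. All LAN<->guest traffic crosses br1, where it can be
# inspected.
mon_bridge() {
    m ip tuntap add dev tap1 mode tap
    m ip link add name br1 type bridge
    for i in eth0 tap1; do m ip link set "$i" master br1; done
    for i in eth0 tap1 br1; do m ip link set "$i" up; done
    m vde_switch -d -s "$MON_SOCK" -t tap1
}

# Host switch for the guests. It gets no -t tap and is not added to br0, so
# the dpipe link through vm-mon is the guests' only path to the LAN.
host_switch() { h vde_switch -d -s "$HOST_SOCK"; }

# Join the two switches; carrying the link over ssh is an assumption.
join_switches() {
    h dpipe vde_plug "$HOST_SOCK" = ssh "$MON_SSH" vde_plug "$MON_SOCK"
}

# QEMU network options for one guest, given its MAC address.
guest_net_args() { echo "-net nic,macaddr=$1 -net vde,sock=$HOST_SOCK"; }

plan() { host_bridge; mon_bridge; host_switch; join_switches; }
plan
h "qemu-system-x86_64 $(guest_net_args 52:54:00:12:34:56) <disk and other options>"
```

If the host switch were also given a tap on br0, guest traffic would have a second path to the LAN that vm-mon never sees.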
