On 09/16/2015 10:15 AM, Dmitry E. Mikhailov wrote:
> On 09/16/2015 03:02 PM, C.L. Martinez wrote:
>> What advantages and disadvantages does it have?? If I want to install
>> some kvm guests that use multicast address for certain services, is it
>> recommended to enable STP?
> STP has nothing to do with multicast as it's an Ethernet protocol.
> It's developed to provide loop-free redundancy links to Ethernet-based
> networks.
>
> I can't imagine any legitimate use of STP within virtualized environment
> except when BOTH a) you don't trust the person who manages VM's (like in
> VPS providing) AND b) you provide more than one network interface to the
> virtual machine.
>
> Otherwise STP can be used to prevent traffic storm because of malicious
> bridging of vNIC's inside VM.
>
> Best regards,
> Dmitry Mikhailov

Thanks Dmitry... Uhmm, but my case is: "b) you provide more than one network interface to the virtual machine". I have several kvm guests with 3 or more network interfaces ... In this case, do you recommend to enable STP??

On 16.09.2015 12:18, C.L. Martinez wrote:
> On 09/16/2015 10:15 AM, Dmitry E. Mikhailov wrote:
>> On 09/16/2015 03:02 PM, C.L. Martinez wrote:
>>> What advantages and disadvantages does it have?? If I want to install
>>> some kvm guests that use multicast address for certain services, is it
>>> recommended to enable STP?
>> STP has nothing to do with multicast as it's an Ethernet protocol.
>> It's developed to provide loop-free redundancy links to Ethernet-based
>> networks.
>>
>> I can't imagine any legitimate use of STP within virtualized environment
>> except when BOTH a) you don't trust the person who manages VM's (like in
>> VPS providing) AND b) you provide more than one network interface to the
>> virtual machine.
>>
>> Otherwise STP can be used to prevent traffic storm because of malicious
>> bridging of vNIC's inside VM.
>>
>> Best regards,
>> Dmitry Mikhailov
>
> Thanks Dmitry... Uhmm, but my case is: "b) you provide more than one
> network interface to the virtual machine". I have several kvm guests
> with 3 or more network interfaces ... In this case, do you recommend to
> enable STP??

You should always enable STP on a bridge unless you have a very specific reason not to.

Regards,
Dennis

On 09/16/2015 03:18 PM, C.L. Martinez wrote:
> Thanks Dmitry... Uhmm, but my case is: "b) you provide more than one
> network interface to the virtual machine". I have several kvm guests
> with 3 or more network interfaces ... In this case, do you recommend to
> enable STP??

If you are the one who manages the VM's and you're not masochistic to intentionally bridge vNICs inside some VM, you don't need it.

On 09/16/2015 03:27 PM, Dennis Jacobfeuerborn wrote:
> You should always enable STP on a bridge unless you have a very specific
> reason not to.

And what's the reason if you're not a hosting provider or an enterprise with heavy and complicated infrastructure?

On 09/16/2015 03:27 PM, Dennis Jacobfeuerborn wrote:
> You should always enable STP on a bridge unless you have a very specific
> reason not to.

It's a question in the area of network administration.

STP is slow by today's standards - 50 seconds to wait until it rearranges the topology is too much. And RSTP isn't supported without a special daemon.

Next, if you want some physical link level redundancy you'd better go LACP - anyway almost every managed switch that has STP also has LACP today. And you can also get speed improvement.

Next, I doubt anyone would create two vNICs on a VM that connect to the same physical network. I see no point. The chances are they're going to be VLANs on a physical network. So you need VSTP. Does your switch do VSTP and are you up to configure it?

Thus personally I don't see a point in carelessly enabling STP on a hardware node.
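
The 50-second figure discussed in the thread matches the classic STP timers: max age plus two forward-delay periods. The sketch below is an added example, not part of any poster's message; it reads those timers and the STP mode from the Linux bridge sysfs files and reports them per bridge. The function names `audit_bridges` and `make_sample_tree` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: names and sample values below are constructed for illustration.

# Build a constructed sysfs-like tree (two bridges, one plain NIC) and print its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/br0/bridge" "$t/br0/brif/vnet0" "$t/br0/brif/vnet1" \
             "$t/br1/bridge" "$t/br1/brif/vnet2" "$t/eth0"
    echo 0    > "$t/br0/bridge/stp_state"      # STP off, kernel default timers
    echo 1500 > "$t/br0/bridge/forward_delay"
    echo 2000 > "$t/br0/bridge/max_age"
    echo 1    > "$t/br1/bridge/stp_state"      # kernel STP, shortened timers
    echo 400  > "$t/br1/bridge/forward_delay"
    echo 600  > "$t/br1/bridge/max_age"
    echo "$t"
}

# audit_bridges [ROOT]: one line per bridge under ROOT (default /sys/class/net).
audit_bridges() {
    root="${1:-/sys/class/net}"
    for dir in "$root"/*/bridge; do
        [ -d "$dir" ] || continue              # skip non-bridge interfaces
        name=$(basename "$(dirname "$dir")")
        state=$(cat "$dir/stp_state")
        fd=$(cat "$dir/forward_delay")         # sysfs reports timers in 1/100 s
        ma=$(cat "$dir/max_age")
        # Classic STP worst case: max_age for stale information to expire,
        # then listening + learning, each lasting forward_delay.
        worst=$(( (ma + 2 * fd) / 100 ))
        case "$state" in
            0) mode=off ;;
            1) mode=kernel-stp ;;
            2) mode=user-stp ;;                # STP handed to a userspace daemon
            *) mode=unknown ;;
        esac
        ports=0
        for p in "$root/$name"/brif/*; do
            if [ -e "$p" ]; then ports=$((ports + 1)); fi
        done
        echo "$name stp=$mode ports=$ports worst_case_reconverge=${worst}s"
    done
}

# Demo on the constructed tree; on a real host run: audit_bridges
demo=$(make_sample_tree)
audit_bridges "$demo"
rm -rf "$demo"
```

With the kernel default timers (forward delay 15 s, max age 20 s) the reported worst case is 50 s, whether or not STP is currently switched on for that bridge.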