Date: Thu, 29 Dec 2016 10:26:12 -0500 From: Aryeh Friedman <aryeh.friedman@gmail.com> To: Vincent Olivier <vincent@up4.com> Cc: "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org> Subject: Re: Multiple bhyve Guests, Single bridge/tap? Message-ID: <CAGBxaXnEs9n1DMET3y58ZouRnizj5Xn8yW1r_qr7tBiL0DgaNg@mail.gmail.com> In-Reply-To: <EFADB4DF-5779-4228-8A22-2E336B4E46D4@up4.com> References: <B0C8AC1D-340A-4EF9-A862-FEA3A2AE37E4@up4.com> <CAGBxaXmv1pD1Lib76jzU%2B7OntT7i50xmV6LmxYjjmOYYrmD8UA@mail.gmail.com> <EFADB4DF-5779-4228-8A22-2E336B4E46D4@up4.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 29, 2016 at 10:19 AM, Vincent Olivier <vincent@up4.com> wrote: > Hi! > > > Use the same bridge but a different tap (each tap represents the virtual > equivalent of a NIC where the bridge is the virtual equivalent of a hub) > > > Thanks! This is very clear. For extra isolation, could I use a new bridge > too or is that useless? > Yes but it only makes sense in a multi-tenant (aka cloud provider) setup because any attacker on a VM should be assumed to able to get into the host due to knowing your password (which typically is not all that different on the two machines unless you randomly generated it). -- Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGBxaXnEs9n1DMET3y58ZouRnizj5Xn8yW1r_qr7tBiL0DgaNg>