New to OpenVZ - seeking network configuration suggestions [message #34466] | Thu, 08 January 2009 06:19
atjensen11 | Junior Member | Messages: 2 | Registered: January 2009

 Admittedly, I am coming to OpenVZ from the Xen platform that is running on an Ubuntu 8.40 LTS server.
 I would like to set up several virtual machines in two different subnets.  I typically use X.X.100.X for my publicly accessible machines and X.X.200.X for machines on my private LAN.  I should note that all IP addresses on my machine are in the private address space.  A router handles NAT from the real public to private addresses.
 
 For example, I would want to create a virtual machine on the X.X.100.X subnet that is a publicly accessible webserver.  On the X.X.200.X subnet, I would like to have a personal file server.  I would like both virtual machines to be on the same host machine.
 
 I don't want any traffic between the web server and the file server.
 
 I have five network cards for the host machine.  In Xen, I was pretty accustomed to hiding network cards on the PCI bus from the host machine and assigning them to the virtual machine.  It appears that I can do the same in OpenVZ.
 
 But is there a better way?  I have tried to read up on venet and veth devices.  After reading the Wiki, it appeared that I should use veth, but traffic sniffing is possible, which would appear to violate my desire not to have traffic between the subnets.
 
 I am looking for feedback on how users familiar with OpenVZ would go about creating this configuration.
 
 I should note that the host machine would likely be on the X.X.100.X subnet.
 
 Thanks.
 [Updated on: Thu, 08 January 2009 06:27]

Re: New to OpenVZ - seeking network configuration suggestions [message #34480 is a reply to message #34476] | Fri, 09 January 2009 16:51
atjensen11 | Junior Member | Messages: 2 | Registered: January 2009

 I have created bridges on the hardware node to the different network cards, one with an address on the public LAN and one on the private LAN.
 However, it may be just my lack of understanding, but the comparison of veth to venet stated that veth interfaces allow traffic sniffing.  Would this still be true in the bridging scenario that you are suggesting?