<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 05/22/2016 12:44 AM, Gk Gk wrote:<br>
</div>
<blockquote
cite="mid:CAJreVFyw_5KomWzcFDBRa0MKC63qHXLE699WvrZ0yrYgTqmDbQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Hi,<br>
<br>
</div>
<div>in bridge mode all the guests and hosts should be in the
same subnet always ?<br>
</div>
</div>
</blockquote>
<br>
(please don't top-post replies)<br>
<br>
Your new question is irrelevant both to your original question and
to my response. Yes, it is usually the case that the purpose of
using a bridge-mode connection is to have the guests on the same
subnet as the machines on the physical network, although that isn't
necessarily the case - a bridge device doesn't care (or even
understand) IP; it just forwards according to learned information
about MAC addresses, and if someone wanted, they could put multiple
IP subnets on the same bridge.<br>
<br>
But you asked why it could be the case that a bridge wouldn't accept
packets from a guest that has a public IP. First, as I say above,
the IP address is irrelevant when talking about a filter based on
MAC address. Second, as I said in my last messages, any managed
switch can have each port configured to only accept packets with
certain MAC addresses, and many/most hosting providers (and many
corporate IT departments) program the ports of their switches to
only accept traffic with the source MAC address of a single machine
(they do this to prevent hostile hosts spoofing the MAC addresses of
other hosts) - if you have a bridge setup between your guest and
your physical host, the guest traffic sent to the switch will still
have the guest interface's MAC address, which the switch may reject.<br>
<br>
If, on the other hand, you use a routed setup, the guest traffic
will go through the host's IP routing, and reemerge from the guest
with the *host's* MAC address. So it will then at least pass the MAC
address filter on the bridge.<br>
<br>
But, as I said in my last message, the hosting provider's network
would then 1) need to accept traffic from the guest's IP address,
and 2) need to have an entry in the routing tables of its routers
pointing to your host for the subnet you've defined for your guests.
It is *highly* unlikely that any hosting provider would do this for
you, since IPv4 address space is at such a premium. It's more likely
that they would allow you to register extra MAC addresses.<br>
<br>
<br>
If this still doesn't make sense, I suggest you read the following
two wikipedia entries:<br>
<br>
<a class="moz-txt-link-freetext" href="https://en.wikipedia.org/wiki/Bridging_%28networking%29">https://en.wikipedia.org/wiki/Bridging_%28networking%29</a><br>
<a class="moz-txt-link-freetext" href="https://en.wikipedia.org/wiki/IP_forwarding">https://en.wikipedia.org/wiki/IP_forwarding</a><br>
<br>
<br>
<blockquote
cite="mid:CAJreVFyw_5KomWzcFDBRa0MKC63qHXLE699WvrZ0yrYgTqmDbQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
<br>
</div>
<div>Thanks<br>
</div>
<div>Kumar<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sun, May 22, 2016 at 12:41 AM, Laine
Stump <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:laine@laine.org" target="_blank">laine@laine.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span class="">
<div>On 05/20/2016 03:21 AM, Gk Gk wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>Referring to the link <a moz-do-not-send="true"
href="http://wiki.libvirt.org/page/VirtualNetworking" target="_blank">http://wiki.libvirt.org/page/VirtualNetworking</a>,
the scenario described for the routed mode,
explains that </div>
<div><br>
</div>
<div>"<span
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.6px;line-height:18.9px">Host
has public IP and virtual machines have static
public IPs. But one can't use bridged
networking, since provider accept only packets
from the MAC address of the host"</span></div>
<div><span
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.6px;line-height:18.9px"><br>
</span></div>
<div><span
style="color:rgb(0,0,0);font-family:sans-serif;font-size:12.6px;line-height:18.9px">Can
someone explain to me why doesn't the switch
accept the packets from the guest vms' mac
addresses also since they have public IPs in
the bridged mode ?</span></div>
</div>
</blockquote>
<br>
</span> Because the people who have administrative control
over the switch have configured it that way. (Of course,
if they're that restrictive, it's doubtful that they would
allocate an entire subnet to a customer's machine, and
reconfigure their routing tables to deal with it).<br>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<p><br>
</p>
</body>
</html>