[fedora-virt] VM with access to outside world, but not LAN?

Gianluca Cecchi gianluca.cecchi at gmail.com
Wed Jan 4 23:51:12 UTC 2012


On Tue Jan 3 17:26:33 UTC 2012 Andrew Cathrow wrote:

> >
> > Not only that, I was actually able to make it work :-).
> >
> > http://home.comcast.net/~tomhorsley/wisdom/braindump/isolate.html
>
> on a side note, you don't seem to have delay set in the bridge definition, if you don't care about live migrations then it won't matter of course.
>

Probably useful to elaborate more...
Information taken from linuxfoundation.org web site:
"
Forwarding delay time is the time spent in each of the Listening and
Learning states before the Forwarding state is entered.
This delay is so that when a new bridge comes onto a busy network it
looks at some traffic before participating.
...
One common mistake is that the default bridge forwarding delay setting
is 30 seconds. This means that for the first 30 seconds after an
interface joins a bridge, it won't send anything.
This is because if the bridge is being used in a complex topology, it
needs to discover other bridges and not create loops.
This problem was one of the reasons for the creation of Rapid Spanning
Tree Protocol (RSTP).
"
Is it correct to say that if we don't explicitly set
DELAY=0
in our bridge configuration, it will default to 30 seconds and during
live migration the VM on the target hypervisor will lose 30 seconds when
its virtual NIC, if configured on a bridge, joins the bridge
during its power on/paused state?

On the linuxfoundation.org page there is also this statement regarding
DHCP client configuration on a bridge:

"
If the bridge is being used standalone (no other bridges near by).
Then it is safe to turn the forwarding delay off (set it to zero),
before adding interface to a bridge.
"

What is the meaning of the "safe" word above? Suppose a KVM
hypervisor with several bridges configured, do we risk anything
putting DELAY=0 to all of them then?

Thanks in advance,
Gianluca
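
As an added example (not part of the original message), one way to see which bridge definitions lack an explicit DELAY and what forward delay the kernel is currently using. It assumes Fedora-style ifcfg-* files with TYPE=Bridge and the bridge sysfs attributes forward_delay and stp_state; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report DELAY/STP for bridge definitions.

# Print the last value assigned to KEY ($2) in ifcfg file $1, quotes stripped.
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Static view: every ifcfg-* file with TYPE=Bridge in directory $1.
bridge_config_report() {
    dir=${1:-/etc/sysconfig/network-scripts}
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        [ "$(ifcfg_get "$f" TYPE)" = "Bridge" ] || continue
        name=$(ifcfg_get "$f" DEVICE)
        delay=$(ifcfg_get "$f" DELAY)
        stp=$(ifcfg_get "$f" STP)
        printf '%s DELAY=%s STP=%s\n' \
            "${name:-${f##*/ifcfg-}}" "${delay:-unset}" "${stp:-unset}"
    done
}

# Runtime view: what the kernel is using now, read from sysfs under $1.
# forward_delay is exported in 1/100 s units; stp_state 0 means STP is off.
bridge_runtime_report() {
    root=${1:-/sys/class/net}
    for d in "$root"/*/bridge; do
        [ -r "$d/forward_delay" ] || continue
        br=${d%/bridge}
        fd=$(cat "$d/forward_delay")
        printf '%s forward_delay=%d.%02ds stp_state=%s\n' \
            "${br##*/}" "$((fd / 100))" "$((fd % 100))" "$(cat "$d/stp_state")"
    done
}

# Constructed sample definitions (not taken from the thread).
demo=$(mktemp -d)
printf 'DEVICE=br0\nTYPE=Bridge\nONBOOT=yes\n' > "$demo/ifcfg-br0"
printf 'DEVICE=br1\nTYPE=Bridge\nSTP=off\nDELAY="0"\n' > "$demo/ifcfg-br1"
printf 'DEVICE=eth0\nTYPE=Ethernet\nBRIDGE=br0\n' > "$demo/ifcfg-eth0"
bridge_config_report "$demo"
bridge_runtime_report    # prints nothing on a host without bridges
rm -rf "$demo"
```

A bridge reported with DELAY=unset is one where the configuration leaves the forward delay at its default; the runtime view shows the value actually in effect.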

