Thanks a lot for you answer, Marcin! > On Wed, Nov 14, 2018 at 2:24 PM wrote: > Having separate NICs you don't even need separate VLANs. You can just use > one NIC for your host/storage network, and use another NIC to create a VM > network. You must of course make sure to separate these outside of the > hosts. > VLANs are useful if you have just one NIC on your host, or want to have > multiple networks on a single NIC. You can then create multiple VLAN > networks (VLAN devices) on top of your NIC, and so achieve network > separation. How are these VLAN tags "enforced"? Does the switch automatically separate VLANs from each other by default?
> If you have your VM networks and host network use different NICs, your > networks are already separated (L2). Yes, but I defined an IP for the "VM" NIC on the hosts which is reachable by the VMs (= the VMs are in the same subnet as the host). I want to completely make the hosts unreachable by the VM. I do not know whether this is best-practice or even necessary? I found little to no information about networking best-practices regarding oVirt. Just as an anecdote: we had an laptop in the network of the hosts/storages which had for some reason had a static IP defined by an employee - which was also assigned to an storage server - which in turn resulted in some downtime. I think separating the hosts/storage from the rest of the network was a good first step to prevent such incidents but - as I said before - I am not sure whether it suffices. Thanks again for all your input! _______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/4YLDMESO5ZRPY7YGIEBBP5XUACI5STSU/
