From: Aryeh Friedman
Date: Thu, 29 Dec 2016 10:26:12 -0500
Subject: Re: Multiple bhyve Guests, Single bridge/tap?
To: Vincent Olivier
Cc: "freebsd-virtualization@freebsd.org"

On Thu, Dec 29, 2016 at 10:19 AM, Vincent Olivier wrote:

> Hi!
>
>
> Use the same bridge but a different tap (each tap represents the virtual
> equivalent of a NIC where the bridge is the virtual equivalent of a hub)
>
>
> Thanks! This is very clear. For extra isolation, could I use a new bridge
> too or is that useless?
>

Yes but it only makes sense in a multi-tenant (aka cloud provider) setup
because any attacker on a VM should be assumed to be able to get into the host
due to knowing your password (which typically is not all that different on
the two machines unless you randomly generated it).

--
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
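
The two layouts discussed in this message (one shared bridge with a tap per guest, and the separate-bridge variant asked about), as an added example that is not part of the original thread. The uplink `em0`, the bridge and tap numbering, the guest names and the bhyve slot `2:0` are assumptions; the script prints the FreeBSD commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a FreeBSD host; em0, the
# bridge/tap numbers and the guest names are placeholders.
# Dry run by default: set DRY_RUN=0 and run as root to apply the commands.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# attach_guests BRIDGE FIRST_TAP GUEST...
# Creates one tap per guest (its virtual NIC) and plugs it into BRIDGE.
attach_guests() {
    bridge=$1 tap=$2
    shift 2
    for guest in "$@"; do
        run ifconfig "tap$tap" create
        run ifconfig "$bridge" addm "tap$tap"
        # Reminder of which tap to hand to the guest's NIC slot (slot assumed).
        echo "# $guest: bhyve ... -s 2:0,virtio-net,tap$tap ..."
        tap=$((tap + 1))
    done
}

# shared_bridge UPLINK GUEST...
# Single-tenant layout: every guest on the same bridge as the uplink.
shared_bridge() {
    uplink=$1; shift
    run ifconfig bridge0 create
    run ifconfig bridge0 addm "$uplink" up
    attach_guests bridge0 0 "$@"
}

# separate_bridges GUEST...
# Multi-tenant layout: one bridge per guest, so guests share no layer-2
# segment. Uplink or routing for each bridge is deliberately not shown.
separate_bridges() {
    n=0
    for g in "$@"; do
        run ifconfig "bridge$n" create
        run ifconfig "bridge$n" up
        attach_guests "bridge$n" "$n" "$g"
        n=$((n + 1))
    done
}

shared_bridge em0 vm0 vm1
```

Calling `separate_bridges vm0 vm1` instead prints the per-guest bridge layout for comparison.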