Advances in networking for virtual machines
So far the networking of virtual machines has usually been managed by configuring a Virtual Ethernet Bridge (VEB) in the host, i.e. the good old implementation of 802.1D in the Linux Kernel:
A Virtual Ethernet Bridge (VEB) is a capability within a physical end station that supports local bridging between multiple virtual end stations and (optionally) the external bridging environment.
While this works well and in some cases is the best solution, in other setups performances or policy needs dictate that the traffic between virtual machines is forwarded to an external bridge (the Ethernet switch connected to the host) and back without having in the host a real bridge learning MAC addresses from its ports and implementing the STP. Enters the VEPA:
A Virtual Ethernet Port Aggregator (VEPA) is a capability within a physical end station that collaborates with an adjacent, external bridge to provide bridging support between multiple virtual end stations and external networks. The VEPA collaborates by forwarding all station-originated frames to the adjacent bridge for frame processing and frame relay (including "hairpin" forwarding) and by steering and replicating frames received from the VEPA uplink to the appropriate destinations.
Support for VEPAs has been added to Linux 2.6.33 with a simple change to the macvlan driver.
The next step will be to use the macvtap driver (available in 2.6.34), which exposes a tap character device usable by kvm-qemu and "connected" to a macvlan-like interface.