Using STP In Kvm Bridges


Hi all,

Reading docs about using bridges in a KVM environment, I have a doubt about activating STP or not in a KVM host.

What advantages and disadvantages does it have? If I want to install some KVM guests that use multicast addresses for certain services, is it recommended to enable STP?

Thanks.

6 thoughts on - Using STP In Kvm Bridges

  • STP has nothing to do with multicast as it’s an Ethernet protocol. It’s developed to provide loop-free redundancy links to Ethernet-based networks.

    I can’t imagine any legitimate use of STP within a virtualized environment except when BOTH a) you don’t trust the person who manages the VMs (like in VPS providing) AND b) you provide more than one network interface to the virtual machine.

    Otherwise STP can be used to prevent a traffic storm because of malicious bridging of vNICs inside a VM.

    Best regards, Dmitry Mikhailov

  • Thanks Dmitry… Uhmm, but my case is: “b) you provide more than one network interface to the virtual machine”. I have several KVM guests with 3 or more network interfaces … In this case, do you recommend enabling STP?

  • You should always enable STP on a bridge unless you have a very specific reason not to.

    Regards,
    Dennis

  • If you are the one who manages the VMs and you’re not masochistic enough to intentionally bridge vNICs inside some VM, you don’t need it.

  • And what’s the reason if you’re not a hosting provider or an enterprise with heavy and complicated infrastructure?

  • It’s a question in the area of network administration.

    STP is slow by today’s standards – 50 seconds to wait until it rearranges the topology is too much. And RSTP isn’t supported without a special daemon.

    Next, if you want some physical link level redundancy you’d better go LACP – anyway almost every managed switch that has STP also has LACP today. And you can also get speed improvement.

    Next, I doubt anyone would create two vNICs on a VM that connect to the same physical network. I see no point. The chances are they’re going to be VLANs on a physical network. So you need VSTP. Does your switch do VSTP and are you up to configure it?

    Thus personally I don’t see a point in carelessly enabling STP on a hardware node.
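
Both technical points in the thread, whether STP is on for a host bridge and the 50-second reconvergence of classic STP, can be checked on a KVM host. The script below is an added example, not part of any reply above; it assumes the Linux kernel bridge sysfs attributes `stp_state`, `max_age` and `forward_delay` (timers in hundredths of a second), and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: report STP mode, port count and worst-case classic-STP
# reconvergence time for every Linux bridge on a KVM host.
# Assumption: bridge attributes live under <root>/<bridge>/bridge/ and the
# timers are in centiseconds (1500 = 15 s).

# stp_mode_name STATE -> readable name for the stp_state value
stp_mode_name() {
    case "$1" in
        0) echo off ;;
        1) echo kernel-stp ;;
        2) echo userspace-stp ;;   # e.g. an RSTP daemon owns the bridge
        *) echo unknown ;;
    esac
}

# convergence_seconds MAX_AGE_CS FORWARD_DELAY_CS
# Classic 802.1D worst case: max_age + listening + learning,
# i.e. max_age + 2 * forward_delay (20 + 15 + 15 = 50 s with defaults).
convergence_seconds() {
    echo $(( ($1 + 2 * $2) / 100 ))
}

# bridge_stp_report [SYSFS_NET_ROOT]
# Prints one line per bridge: <name> stp=<mode> ports=<n> reconverge=<s>s
bridge_stp_report() {
    root="${1:-/sys/class/net}"
    for dir in "$root"/*/bridge; do
        [ -d "$dir" ] || continue          # not a bridge device
        br=$(basename "$(dirname "$dir")")
        state=$(cat "$dir/stp_state")
        max_age=$(cat "$dir/max_age")
        fwd=$(cat "$dir/forward_delay")
        ports=0
        for p in "$root/$br"/brif/*; do    # one entry per enslaved port
            if [ -e "$p" ] || [ -L "$p" ]; then ports=$((ports + 1)); fi
        done
        echo "$br stp=$(stp_mode_name "$state") ports=$ports" \
             "reconverge=$(convergence_seconds "$max_age" "$fwd")s"
    done
}

# Run against the live host, or against another root given as $1
bridge_stp_report "${1:-/sys/class/net}"
```

The `reconverge` figure only matters when the mode is `kernel-stp`; a bridge reporting `off` with many guest ports is the case the first reply describes.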