The bridged network mode demonstrates a number of differences as compared to the host-routed one:
-
Each
vethvirtual adapter has a MAC address assigned to it while a host-routed adapter does not have any. Thanks to this fact:- Any virtual machine or container can see all broadcast and multicast packets received from or sent to the selected network adapter on the hardware node.
- Using bridged virtual adapters, you can host DHCP or Samba servers in virtual machines and containers.
- There is no more need to assign all network settings (IP addresses, subnet mask, gateway, and so on) to virtual machines and containers from the server. All network parameters can be set from inside virtual machines and containers.
-
vethadapters can be bridged among themselves and with other devices. If severalvethadapters are united into a bridge, this bridge can be used to handle network traffic for the virtual machines and containers whosevethadapters are included in the bridge. -
Due to the fact that
vethadapters act as full members on the network (rather than "hidden" beyond virtual networks adapters on the server), they are more prone to security vulnerabilities: traffic sniffing, IP address collisions, and so on. Therefore,vethadapters are recommended for use in trusted network environments only.
