[one-users] Need some explanation on vnets and network setup

[Zaina AFOULKI]

Hi,

I'm having some trouble understanding the networking setup of OpenNebula. 

I have two nodes connected by a bridge interface br0. I enabled
contextualization using the vm-context script as explained in [1]. This is
the output of onevnet list:
  ID USER     NAME        TYPE  BRIDGE P #LEASES
  19 user1    network1    Fixed    br0 N       1
  20 user2    network2    Fixed    br0 Y       1

I noticed that whenever I launch a VM, OpenNebula adds a virtual network
named vnet0, vnet1 etc... to the list of interfaces in the node. Why are
the VNets named vnet0, vnet1, etc when they could keep the same name as
already defined by the OpenNebula user?

Why is there a need to add interfaces anyways? Why not let the VMs connect
to br0 directly?
Is it necessary to create a different bridge for every VNet defined with
the onevnet command?

The vnet is created only on the node that the VM was launched on and not
on the other nodes or the frontend. Why is this the case? Why not create it
on all nodes? I'm asking because I am using the script provided in [2] to
isolate the VNets using ebtables: I don't understand why 2 VMs on different
VNets are unable to ping each other when they are on the same node, whereas
it is possible to do so when they are on different nodes?

These are the ebtables rules created when a VM is launched on node1:
   -s ! 2:0:ac:1e:8:0/ff:ff:ff:ff:ff:0 -o vnet0 -j DROP 
   -s ! 2:0:ac:1e:8:b -i vnet0 -j DROP 
Why are they based on MAC addresses and not IP addresses?

Many thanks.

Zaina

[1] http://opennebula.org/documentation:rel2.0:cong
[2] http://opennebula.org/documentation:rel2.0:nm