#nixos #network #virtualization folks
I seek your feedback on the approach I am thinking about for a performant exposure of my NixOS VM with as much isolation as possible, given:
cc @solene
*Hardware limitations*
My wireless drivers do not support being enslaved to Linux bridges due to Wi-Fi protocol limitations.
I do use a firewall; for now only my wireless interface is up.
*Approach*
*For wireless interface*
I use a host-side routed NAT network on my vnet interface combined with strict firewall rules for isolation.
This matches my current setup where the VM accesses the network through a virtual NAT (vnet#) interface.
NAT mode provides a separate subnet for my VM, which isolates VM traffic from the rest of my wireless LAN.
It ensures compatibility with consumer routers and wireless interfaces that don't support bridging or MacVTap hairpin modes.
*For wired eth interface*
I use a virtual NAT(ed) subnet interface vnet# of my host NixOS to emulate its network in the guest NixOS [fn:1], as no
reliable ISPs in India allow tap bridges (virbr#) with consumer-grade routers. If I could, I'd use virbr# with MacVTap, which simplifies
virtualized networking by allowing direct connections to physical network interfaces, often resulting in better
performance.
#MacVTap is generally more suitable for vnet# for connecting directly to the physical network interface, improving
performance and resource consumption. QEMU's rocker switch is typically used with virbr# tap bridges.
My network priority: VM-to-host communication the most, then VM-to-VM; I may want LAN access with
network isolation and high performance.
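An added example of the routed-NAT-plus-firewall layout described above (my own illustration, not the poster's configuration): the host-side tap device, NAT out through the wireless uplink, the host-side allow-list for VM-to-host traffic, and an nftables forward rule that keeps new flows from the VM subnet off the private LAN ranges while still letting the VM reach the host and the internet. Interface names (vmtap0, wlan0), the 10.42.0.0/24 subnet, the owner user, the guest address and the allowed port are assumptions.

```nix
# Host-side NixOS configuration (added example, not the poster's own config).
# Assumed names: tap "vmtap0", wireless uplink "wlan0", VM subnet 10.42.0.0/24,
# QEMU run as user "vmuser". Adjust to your own interfaces.
{ config, pkgs, lib, ... }:

{
  # Persistent tap device owned by the user that runs QEMU, so the VM can be
  # started unprivileged with:
  #   -netdev tap,id=net0,ifname=vmtap0,script=no,downscript=no
  networking.interfaces.vmtap0 = {
    virtual = true;
    virtualType = "tap";
    virtualOwner = "vmuser";
    ipv4.addresses = [ { address = "10.42.0.1"; prefixLength = 24; } ];
  };

  # Routed NAT: masquerade the VM subnet out through the wireless uplink.
  # This also turns on IPv4 forwarding on the host.
  networking.nat = {
    enable = true;
    externalInterface = "wlan0";
    internalInterfaces = [ "vmtap0" ];
    internalIPs = [ "10.42.0.0/24" ];
  };

  # nftables backend for the NixOS firewall and for the custom table below.
  networking.nftables.enable = true;
  networking.firewall.enable = true;

  # VM-to-host: the host firewall drops everything by default; open only what
  # the host deliberately serves to the VM (here: ssh).
  networking.firewall.interfaces.vmtap0.allowedTCPPorts = [ 22 ];

  # VM-to-LAN isolation: new flows from the VM subnet toward private address
  # ranges (the wireless LAN among them) are dropped in the forward path.
  # Internet-bound traffic is still forwarded and NATed, and replies to
  # established flows pass. Runs alongside the NixOS firewall's own chains.
  networking.nftables.tables.vm_isolation = {
    family = "inet";
    content = ''
      chain forward {
        type filter hook forward priority filter; policy accept;
        iifname "vmtap0" ip daddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } ct state new drop
      }
    '';
  };
}

# Guest-side (the NixOS VM) static addressing, as an assumed counterpart:
#   networking.interfaces.eth0.ipv4.addresses =
#     [ { address = "10.42.0.2"; prefixLength = 24; } ];
#   networking.defaultGateway = "10.42.0.1";
#   networking.nameservers = [ "9.9.9.9" ];
```

Because the VM subnet is routed rather than bridged, nothing here depends on the Wi-Fi driver accepting bridge enslavement, and the isolation is enforced on the host rather than trusted to the guest. If LAN access is wanted later, the forward rule is the single place to relax (for example by excepting one LAN host), while the input allow-list keeps VM-to-host exposure explicit.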

