Bridge behavior and multiple IPs over one NIC

Queck

Dec 2, 2025
As far as I am aware, we can think of a bridge (vmbr0 for example) as a switch. You can also have bridge-ports, which means, as far as I am aware, that any incoming and outgoing traffic will be monitored by that bridge. What confuses me is this: let's assume we have 2 IP addresses. We have only one NIC. When I create virtual bridges (I'll just say vmbr's), they by default do not and cannot communicate with each other. How would we make two separate vmbr's with separate IPs then? You don't want both IP addresses going through one bridge, however you also can't make your NIC into a bridge-port for two vmbr's. How are we supposed to have separate data streams, or rather, am I forced into something like this:

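# Physical NIC: no address of its own, it only serves as the bridge port
iface eth0 inet manual

# Bridge that carries the host address and uplinks through eth0
auto vmbr0
iface vmbr0 inet static
    address 94.130.95.16/26
    gateway 94.130.95.1
    bridge-ports eth0
    bridge-stp off
    bridge-fd 0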

I would basically attach vmbr0 to my VM and then give the VM the second address statically, it would then communicate outside via vmbr0. While this did work (with arp proxy and ipv4 forwarding), I am not sure if this is the best / secure way to go about it. Is my understanding of a bridge correct? I am assuming some things:

A bridge is not by default capable of talking with other bridges, they are not by default connected
Being a bridge port forces a port to send everything (incoming and outgoing) to that bridge

How would you make bridges capable of communicating with each other? While you can have a VM in the middle connected to two bridges, is there a more direct way? I think of vmbr's as actual switches, is that mental image even right?

Any help appreciated.
 
A bridge is the software equivalent of a network switch, yeah.

If each bridge has a NIC associated, you can physically plug a cable between these ports - tada the 2 bridges are connected. (Like with a physical switch.)

IDK if there is a sw-only way to connect bridges, because why would you create two bridges and then connect them if you can just use one bridge? ESXi has a limit of ~ 9000 ports, idk if Linux has a maximum too.

AFAIK you can assign two IP addresses to a bridge, but these will be IP addresses for the pve-host. These IP addresses should not be in the same subnet though. I'm not entirely clear on what you want to accomplish? If you want different networks for different things (e.g. an internal network and a guest network) but you just have 1 NIC, then you can use VLANs. You'd need a VLAN-capable managed (physical) switch to separate the two networks outside for the different devices.
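
The question mentions getting the VM's second address working with proxy ARP and IPv4 forwarding on the host. As an added example (not from either poster), this shell function lists the interfaces on which both are active, so it is visible where the host answers ARP and routes on behalf of other machines. The optional tree-root argument and the `make_sample_tree` helper with its constructed values are assumptions of this example.

```shell
#!/bin/sh
# Added example: report where proxy ARP and IPv4 forwarding are both active.
# The optional argument (root of a sysctl tree) is an assumption of this
# example so the check can also run against a constructed tree.

# Prints "<iface> proxy_arp=<0|1> forwarding=<0|1>" per interface; returns 1
# if any interface both answers ARP for other hosts and forwards IPv4.
audit_l3_relay() {
    root="${1:-/proc/sys/net/ipv4}"
    rc=0
    # The kernel enables proxy ARP if conf/all OR conf/<iface> is set.
    all_parp=$(cat "$root/conf/all/proxy_arp" 2>/dev/null || echo 0)
    for dir in "$root"/conf/*/; do
        [ -d "$dir" ] || continue
        ifname=$(basename "$dir")
        case "$ifname" in all|default) continue ;; esac
        parp=$(cat "$dir/proxy_arp" 2>/dev/null || echo 0)
        fwd=$(cat "$dir/forwarding" 2>/dev/null || echo 0)
        if [ "$all_parp" = 1 ]; then parp=1; fi
        echo "$ifname proxy_arp=$parp forwarding=$fwd"
        if [ "$parp" = 1 ] && [ "$fwd" = 1 ]; then
            echo "  FLAG: $ifname relays ARP and routes IPv4 for other hosts"
            rc=1
        fi
    done
    echo "ip_forward=$(cat "$root/ip_forward" 2>/dev/null || echo 0)"
    return "$rc"
}

# Builds a constructed sysctl tree (sample values, not real host state).
make_sample_tree() {
    t=$(mktemp -d)
    for i in all default eth0 vmbr0 vmbr1; do
        mkdir -p "$t/conf/$i"
        echo 0 > "$t/conf/$i/proxy_arp"
        echo 0 > "$t/conf/$i/forwarding"
    done
    echo 1 > "$t/ip_forward"
    echo 1 > "$t/conf/vmbr0/proxy_arp"
    echo 1 > "$t/conf/vmbr0/forwarding"
    echo 1 > "$t/conf/eth0/forwarding"
    echo "$t"
}

# Demo on the constructed tree; on a real host call audit_l3_relay with no argument.
demo=$(make_sample_tree)
audit_l3_relay "$demo" || echo "review the flagged interfaces"
rm -rf "$demo"
```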