On Fri, Jul 12, 2013 at 07:05:00PM +0530, Kashyap Chamarthy wrote: > On 07/12/2013 06:32 PM, Daniel P. Berrange wrote: > > On Fri, Jul 12, 2013 at 05:51:14PM +0530, Kashyap Chamarthy wrote: > >> Heya Laine, > >> > >> Here's some quick notes to associate libvirt guests to Open vSwitch. > >> > >> Configure Open vSwitch > >> ---------------------- > >> > >> Now that a regular Linux bridge is configured, let's try to configure an > >> OVS brdige and get IP addresses from that space: > >> > >> Create an Open vSwitch bridge device called 'ovsbr', and display the > >> current state of OpenvSwitch database contents: > >> > >> $ ovs-vsctl add-br ovsbr > >> $ ovs-vsctl show > >> > >> > >> Add a virtual ethernet interface called 'veth0' with > >> > >> $ ip link add name veth0 \ > >> type veth peer name veth1 > >> > >> Add 'veth0' ethernet device to the Linux bridge 'br0', and enumerate all > >> bridge devices: > >> > >> $ brctl addif br0 veth0 > >> $ brctl show > > > > I don't really see why you are linking ovs to a traditional software > > bridge. > > I had no specific reason on mind. The only test machine I had free was already having a > Linux bridge. I thought I'd try on it anyway. > > > Meanwhile, from this networking notes page, > > > http://docs.openstack.org/trunk/openstack-network/admin/content/under_the_hood_openvswitch.html > > it appears that OpenStack uses Linux bridge in conjunction with an OVS bridge: > > There are four distinct type of virtual networking devices: TAP > devices, veth pairs, Linux bridges, and Open vSwitch bridgesFor an > ethernet frame to travel from eth0 of virtual machine vm01, to the > physical network, it must pass through nine devices inside of the > host: TAP vnet0, Linux bridge qbrXXX, veth pair (qcbXXX, qvoXXX), > Open vSwitch bridge br-int, veth pair (int-br-eth1, phy-br-eth1), > and, finally, the physical network interface card eth1. That depends on how you configure openstack to operate. The reason openstack links ovs to a bridge, is that you can't setup iptables rules with ovs. So for each guest, openstack creates a separate bridge + veth pair, and then sets iptables rules on that. This is pretty undesirable from a performance POV due to the number of devices the traffic must traverse :-( So I wouldn't take openstack's usage as an example of good practice here. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list