[...] >> it appears that OpenStack uses Linux bridge in conjunction with an OVS bridge: >> >> There are four distinct type of virtual networking devices: TAP >> devices, veth pairs, Linux bridges, and Open vSwitch bridgesFor an >> ethernet frame to travel from eth0 of virtual machine vm01, to the >> physical network, it must pass through nine devices inside of the >> host: TAP vnet0, Linux bridge qbrXXX, veth pair (qcbXXX, qvoXXX), >> Open vSwitch bridge br-int, veth pair (int-br-eth1, phy-br-eth1), >> and, finally, the physical network interface card eth1. > > That depends on how you configure openstack to operate. The reason openstack > links ovs to a bridge, is that you can't setup iptables rules with ovs. This is useful insight, didn't know about it. > So > for each guest, openstack creates a separate bridge + veth pair, and then > sets iptables rules on that. This is pretty undesirable from a performance > POV due to the number of devices the traffic must traverse :-( > So I wouldn't > take openstack's usage as an example of good practice here. Noted. I see your recommendation: from Libvirt guests POV, OVS bridge connected to physical eth0 is the least over-head . I was wondering does an OVS bridge perform any better than Linux bridge. I had a brief chat with Thomas Graf, he mentions, w.r.t performance, from some numbers they did, ovs /slightly/ did better. However, he hasn't seen any numbers that would indicate that ovs is better in performance but i haven't seen anything the other way around either. -- /kashyap -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list