The 07/11/13, Daniel P. Berrange wrote: > There's no support for nwfilter at all when using openvswitch, due to > the kernel limitations you mention. The (disgusting) way openstack deals > with this is to create a traditional bridge per vm so you have > > > phys nic <-> openvswitch > \---> vm bridge <-> vm tap dev > \---> vm bridge <-> vm tap dev > \---> vm bridge <-> vm tap dev Why is it "disgusting"? -- Nicolas Sebrecht -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list