[libvirt] Notes on configuring Open vSwitch, Linux bridge and Libvirt

Daniel P. Berrange berrange at redhat.com
Fri Jul 12 13:41:33 UTC 2013


On Fri, Jul 12, 2013 at 07:05:00PM +0530, Kashyap Chamarthy wrote:
> On 07/12/2013 06:32 PM, Daniel P. Berrange wrote:
> > On Fri, Jul 12, 2013 at 05:51:14PM +0530, Kashyap Chamarthy wrote:
> >> Heya Laine,
> >>
> >> Here's some quick notes to associate libvirt guests to Open vSwitch.
> >>
> >> Configure Open vSwitch
> >> ----------------------
> >>
> >> Now that a regular Linux bridge is configured, let's try to configure an
> >> OVS bridge and get IP addresses from that space:
> >>
> >> Create an Open vSwitch bridge device called 'ovsbr', and display the
> >> current state of OpenvSwitch database contents:
> >>
> >>     $ ovs-vsctl add-br ovsbr
> >>     $ ovs-vsctl show
> >>
> >>
> >> Add a virtual ethernet interface called 'veth0' with
> >>
> >>     $ ip link add name veth0 \
> >>       type veth peer name veth1
> >>
> >> Add 'veth0' ethernet device to the Linux bridge 'br0', and enumerate all
> >> bridge devices:
> >>
> >>     $ brctl addif br0 veth0
> >>     $ brctl show
> > 
> > I don't really see why you are linking ovs to a traditional software
> > bridge. 
> 
> I had no specific reason in mind. The only test machine I had free already had a
> Linux bridge. I thought I'd try on it anyway.
> 
> 
> Meanwhile, from this networking notes page,
> 
> 
> http://docs.openstack.org/trunk/openstack-network/admin/content/under_the_hood_openvswitch.html
> 
> it appears that OpenStack uses Linux bridge in conjunction with an OVS bridge:
> 
>     There are four distinct types of virtual networking devices: TAP
>     devices, veth pairs, Linux bridges, and Open vSwitch bridges. For an
>     ethernet frame to travel from eth0 of virtual machine vm01, to the
>     physical network, it must pass through nine devices inside of the
>     host: TAP vnet0, Linux bridge qbrXXX, veth pair (qcbXXX, qvoXXX),
>     Open vSwitch bridge br-int, veth pair (int-br-eth1, phy-br-eth1),
>     and, finally, the physical network interface card eth1.

That depends on how you configure openstack to operate. The reason openstack
links ovs to a bridge is that you can't set up iptables rules with ovs. So
for each guest, openstack creates a separate bridge + veth pair, and then
sets iptables rules on that. This is pretty undesirable from a performance
POV due to the number of devices the traffic must traverse :-(  So I wouldn't
take openstack's usage as an example of good practice here.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



