[libvirt] Notes on configuring Open vSwitch, Linux bridge and Libvirt
Daniel P. Berrange
berrange at redhat.com
Fri Jul 12 13:41:33 UTC 2013
On Fri, Jul 12, 2013 at 07:05:00PM +0530, Kashyap Chamarthy wrote:
> On 07/12/2013 06:32 PM, Daniel P. Berrange wrote:
> > On Fri, Jul 12, 2013 at 05:51:14PM +0530, Kashyap Chamarthy wrote:
> >> Heya Laine,
> >>
> >> Here's some quick notes to associate libvirt guests to Open vSwitch.
> >>
> >> Configure Open vSwitch
> >> ----------------------
> >>
> >> Now that a regular Linux bridge is configured, let's try to configure an
> >> OVS brdige and get IP addresses from that space:
> >>
> >> Create an Open vSwitch bridge device called 'ovsbr', and display the
> >> current state of OpenvSwitch database contents:
> >>
> >> $ ovs-vsctl add-br ovsbr
> >> $ ovs-vsctl show
> >>
> >>
> >> Add a virtual ethernet interface called 'veth0' with
> >>
> >> $ ip link add name veth0 \
> >> type veth peer name veth1
> >>
> >> Add 'veth0' ethernet device to the Linux bridge 'br0', and enumerate all
> >> bridge devices:
> >>
> >> $ brctl addif br0 veth0
> >> $ brctl show
> >
> > I don't really see why you are linking ovs to a traditional software
> > bridge.
>
> I had no specific reason on mind. The only test machine I had free was already having a
> Linux bridge. I thought I'd try on it anyway.
>
>
> Meanwhile, from this networking notes page,
>
>
> http://docs.openstack.org/trunk/openstack-network/admin/content/under_the_hood_openvswitch.html
>
> it appears that OpenStack uses Linux bridge in conjunction with an OVS bridge:
>
> There are four distinct type of virtual networking devices: TAP
> devices, veth pairs, Linux bridges, and Open vSwitch bridgesFor an
> ethernet frame to travel from eth0 of virtual machine vm01, to the
> physical network, it must pass through nine devices inside of the
> host: TAP vnet0, Linux bridge qbrXXX, veth pair (qcbXXX, qvoXXX),
> Open vSwitch bridge br-int, veth pair (int-br-eth1, phy-br-eth1),
> and, finally, the physical network interface card eth1.
That depends on how you configure openstack to operate. The reason openstack
links ovs to a bridge, is that you can't setup iptables rules with ovs. So
for each guest, openstack creates a separate bridge + veth pair, and then
sets iptables rules on that. This is pretty undesirable from a performance
POV due to the number of devices the traffic must traverse :-( So I wouldn't
take openstack's usage as an example of good practice here.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list