[libvirt] Libvirt, nwfilter, openvswitch
Laine Stump
laine at laine.org
Tue Nov 12 10:49:23 UTC 2013
On 11/12/2013 11:10 AM, Nicolas Sebrecht wrote:
> The 07/11/13, Daniel P. Berrange wrote:
>
>> There's no support for nwfilter at all when using openvswitch, due to
>> the kernel limitations you mention. The (disgusting) way openstack deals
>> with this is to create a traditional bridge per vm so you have
>>
>>
>>   phys nic <-> openvswitch
>>                    \---> vm bridge <-> vm tap dev
>>                    \---> vm bridge <-> vm tap dev
>>                    \---> vm bridge <-> vm tap dev
> Why is it "disgusting"?
>
Because it's terribly inefficient.

You may, on the other hand, view it as "clever", because it is able to
work around deficiencies in the individual components to make something
that works at all. It certainly is true, though, that a lot of cycles
are being wasted on each packet's trip through all that network linkage,
and it would sure be nice if that waste could be avoided.