[libvirt-users] network filter and openvswitch bridge

Pavel Tokarev dialinkde at mail.ru
Tue Oct 1 14:27:47 UTC 2013


Hello all!

I am trying to use network filters for openvswitch interfaces. This is the XML configuration of my bridge interface:

<interface type='bridge'>
  <mac address='00:11:22:33:44:55'/>
  <source bridge='virbr1'/>
  <virtualport type='openvswitch'>
    <parameters interfaceid='0529d6b5-627c-4330-803f-0d7018e6d496'/>
  </virtualport>
  <model type='virtio'/>
  <filterref filter='myfilter'>
    <parameter name='IP' value='10.10.10.99'/>
  </filterref>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</interface>

The filter 'myfilter' is defined. If I start a domain with this interface, all ports are correctly added to the 'virbr1' bridge, and libvirt creates firewall rules using the ebtables tool. BUT ebtables controls Linux bridges, not openvswitch bridges. As far as I know, OVS has its own tool to create firewall rules for its bridges - ovs-ofctl. How can I make libvirt use the right tool for creating firewall rules for OVS bridges?

If I remove the ebtables tool and try to start the domain, libvirt complains "cannot create rule since ebtables tool is missing."

Thank you.
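
An audit check for the configuration described in this message, as an added example that is not part of the original post or of libvirt: it scans libvirt domain XML and reports every interface that combines an openvswitch virtualport with a filterref, the combination for which the post reports ebtables rules being created. The function name, the second interface and the guest name in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed domain definition holding the interface from
# the post plus a second, plain Linux-bridge interface (hypothetical) for contrast.
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>example-guest</name>
  <devices>
    <interface type='bridge'>
      <mac address='00:11:22:33:44:55'/>
      <source bridge='virbr1'/>
      <virtualport type='openvswitch'>
        <parameters interfaceid='0529d6b5-627c-4330-803f-0d7018e6d496'/>
      </virtualport>
      <filterref filter='myfilter'>
        <parameter name='IP' value='10.10.10.99'/>
      </filterref>
    </interface>
    <interface type='bridge'>
      <mac address='00:11:22:33:44:66'/>
      <source bridge='br0'/>
      <filterref filter='myfilter'/>
    </interface>
  </devices>
</domain>"""


def find_ovs_filtered_interfaces(domain_xml):
    """Return one record per interface that has both an openvswitch
    virtualport and an nwfilter reference (hypothetical helper)."""
    findings = []
    for iface in ET.fromstring(domain_xml).iter("interface"):
        vport = iface.find("virtualport")
        fref = iface.find("filterref")
        if vport is None or fref is None or vport.get("type") != "openvswitch":
            continue  # only the OVS + filterref combination is of interest
        mac = iface.find("mac")
        src = iface.find("source")
        findings.append({
            "mac": mac.get("address") if mac is not None else None,
            "bridge": src.get("bridge") if src is not None else None,
            "filter": fref.get("filter"),
            "parameters": {p.get("name"): p.get("value")
                           for p in fref.findall("parameter")},
        })
    return findings


if __name__ == "__main__":
    for f in find_ovs_filtered_interfaces(SAMPLE_DOMAIN_XML):
        print(f"{f['mac']} on OVS bridge {f['bridge']} references filter {f['filter']}")
```

The same function can be run over the output of `virsh dumpxml` for each domain to list guests whose filter rules should be verified on the host.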