
[libvirt-users] network filter and openvswitch bridge




Hello all!

I am trying to use network filters for openvswitch interfaces. This is the XML configuration of my bridge interface:

<interface type='bridge'>
  <mac address='00:11:22:33:44:55'/>
  <source bridge='virbr1'/>
  <virtualport type='openvswitch'>
    <parameters interfaceid='0529d6b5-627c-4330-803f-0d7018e6d496'/>
  </virtualport>
  <model type='virtio'/>
  <filterref filter='myfilter'>
    <parameter name='IP' value='10.10.10.99'/>
  </filterref>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</interface>

The filter 'myfilter' is defined. If I start a domain with this interface, all ports are correctly added to the 'virbr1' bridge, plus libvirt creates firewall rules using the ebtables tool. BUT ebtables controls Linux bridges, not openvswitch bridges. As far as I know, OVS has its own tool to create firewall rules for its bridges - ovs-ofctl. How can I make libvirt use the right tool for creating firewall rules for OVS bridges?

If I remove the ebtables tool and try to start the domain, libvirt complains "cannot create rule since ebtables tool is missing."

Thank you.
