On 11/12/2013 11:10 AM, Nicolas Sebrecht wrote:
> The 07/11/13, Daniel P. Berrange wrote:
> > There's no support for nwfilter at all when using openvswitch, due to
> > the kernel limitations you mention. The (disgusting) way openstack deals
> > with this is to create a traditional bridge per vm so you have
> >
> >   phys nic <-> openvswitch
> >                   \---> vm bridge <-> vm tap dev
> >                   \---> vm bridge <-> vm tap dev
> >                   \---> vm bridge <-> vm tap dev
>
> Why is it "disgusting"?

Because it's terribly inefficient.
You may, on the other hand, view it as "clever", because it is able to
work around deficiencies in the individual components to make something
that works at all. It certainly is true, though, that a lot of cycles
are being wasted on each packet's trip through all that network linkage,
and it would sure be nice if that waste could be avoided.