On Fri, Jul 12, 2013 at 07:05:00PM +0530, Kashyap Chamarthy wrote:
On 07/12/2013 06:32 PM, Daniel P. Berrange wrote:
On Fri, Jul 12, 2013 at 05:51:14PM +0530, Kashyap Chamarthy wrote:
Heya Laine,
Here's some quick notes to associate libvirt guests to Open vSwitch.
Configure Open vSwitch ----------------------
Now that a regular Linux bridge is configured, let's try to configure an OVS brdige and get IP addresses from that space:
Create an Open vSwitch bridge device called 'ovsbr', and display the current state of OpenvSwitch database contents:
$ ovs-vsctl add-br ovsbr $ ovs-vsctl show
Add a virtual ethernet interface called 'veth0' with
$ ip link add name veth0 \ type veth peer name veth1
Add 'veth0' ethernet device to the Linux bridge 'br0', and enumerate all bridge devices:
$ brctl addif br0 veth0 $ brctl show
I don't really see why you are linking ovs to a traditional software bridge.
I had no specific reason on mind. The only test machine I had free was already having a Linux bridge. I thought I'd try on it anyway.
Meanwhile, from this networking notes page,
http://docs.openstack.org/trunk/openstack-network/admin/content/under_the_ho...
it appears that OpenStack uses Linux bridge in conjunction with an OVS bridge:
There are four distinct type of virtual networking devices: TAP devices, veth pairs, Linux bridges, and Open vSwitch bridgesFor an ethernet frame to travel from eth0 of virtual machine vm01, to the physical network, it must pass through nine devices inside of the host: TAP vnet0, Linux bridge qbrXXX, veth pair (qcbXXX, qvoXXX), Open vSwitch bridge br-int, veth pair (int-br-eth1, phy-br-eth1), and, finally, the physical network interface card eth1.
That depends on how you configure openstack to operate. The reason openstack links ovs to a bridge, is that you can't setup iptables rules with ovs. So for each guest, openstack creates a separate bridge + veth pair, and then sets iptables rules on that. This is pretty undesirable from a performance POV due to the number of devices the traffic must traverse :-( So I wouldn't take openstack's usage as an example of good practice here. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|