Hello all,<br><br>I know of many people who want to spin up VMs using libvirt + kvm/qemu and attach those VMs to an openvswitch bridge (see: <a href="http://www.openvswitch.org" target="_blank">http://www.openvswitch.org</a>).   However, the only way I know of to get this working is a kludge that uses to tap devices along with &lt;interface type=&quot;ethernet&quot;&gt; while running ovs-vsctl outside of libvirt.  Even worse, doing this on RHEL/Fedora seems to require privilege tweaks (e.g., running qemu as root, not dropping capabilities), which may not be acceptable for production deployments (see:  <a href="http://fedoraproject.org/wiki/How_to_debug_Virtualization_problems#Errors_using_.3Cinterface_type.3D.27ethernet.27.2F.3E" target="_blank">http://fedoraproject.org/wiki/How_to_debug_Virtualization_problems#Errors_using_.3Cinterface_type.3D.27ethernet.27.2F.3E</a> ).<br>



<br>So I would like to start taking steps toward better libvirt/openvswitch integration.  My initial step has the fairly limit goal of enabling kvm/qemu VM NICs to attach to an openvswitch bridge in much the same way VM NIC can already attached to the linux bridge.  For example, specifying:<br>



<br>&lt;interface type=&quot;openvswitch&quot;&gt; <br>&lt;source bridge=&quot;br0&quot;/&gt;<br>&lt;mac address=&quot;ca:fe:de;ad:be:ef&quot;/&gt; <br>&lt;/interface&gt;  <br><br>I also wanted to add a new child element of &lt;interface&gt; that can be used to specify some OVS specific configuration.  To start, I just want to expose a single &#39;interfaceid&#39; value (this parameter is specific to openvswitch).  Extending the previous example: <br>



<br>&lt;interface type=&quot;openvswitch&quot;&gt; <br>
&lt;source bridge=&quot;br0&quot;/&gt;<br>
&lt;mac address=&quot;ca:fe:de;ad:be:ef&quot;/&gt; <br>&lt;openvswitchport interfaceid=&quot;interface-xyz&quot;/&gt;  <br>
&lt;/interface&gt;  <br><br>For this first step (see attached patch), I am only targeting the model where the OVS bridge has been created externally ahead of time.  I am not tackling any of the &quot;network&quot; logic that actually creates/destroys bridges, as it is not needed for my target use case.  <br>



<br>A couple notes about the attached patch:<br>- I haven&#39;t actually run this code.  I was just poking around the libvirt code to learn about it and figured that a diff was the most concrete way to propose what I was thinking of doing.  I would be curious for pointers about big chunks of work that I may have missed (for example, I haven&#39;t added any tests yet).  <br>



- the code was modeled on the network interface &quot;bandwidth&quot; code, that calls out to &#39;tc&#39; to configure bandwidth rates.  Ideally we would be able to make direct C calls to OVS (and we plan to make that possible in the future), but calling an external utility right now is the only viable path.  <br>



- no attention was paid to style guidelines.  Will do that before any real submission.  <div>- I wasn&#39;t very clear on the notion of an &quot;actual&quot; net def, as opposed to a normal net def.  What&#39;s the best place to look for documentation on this?   <br>


<br>Anyway, I&#39;m primarily looking for feedback about whether I&#39;m barking up the right tree before I spend time debugging or polishing the patch, so I would appreciate thoughts, advice, etc.  Thanks,<br><br>Dan<br>


<br clear="all"><br>-- <br>~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
Dan Wendlandt <div>Nicira Networks: <a href="http://www.nicira.com" target="_blank">www.nicira.com</a><br><div>twitter: danwendlandt<br>~~~~~~~~~~~~~~~~~~~~~~~~~~~<br></div></div><br>
</div>