12 Nov
2013
12 Nov
'13
9:10 a.m.
The 07/11/13, Daniel P. Berrange wrote:
There's no support for nwfilter at all when using openvswitch, due to the kernel limitations you mention. The (disgusting) way openstack deals with this is to create a traditional bridge per vm so you have
phys nic <-> openvswitch \---> vm bridge <-> vm tap dev \---> vm bridge <-> vm tap dev \---> vm bridge <-> vm tap dev
Why is it "disgusting"? -- Nicolas Sebrecht