Re: [libvirt] [RFC Incomplete Patch] Libvirt + Openvswitch

On 01/27/2012 02:22 PM, kmestery wrote: > Hi Dan: > > We at Cisco have been looking at this as well, and in fact were going to propose some things in this area as well. Our proposal (which frankly just builds on top of what you have): > > The proposal at hand is to add some libvirt configuration as follows: > > <network> > <name>ovs-network</name> > <forward mode='ovs' dev='br0'> Nice! It might be good to settle on a common nomenclature for openvswitch between the network code and interface code. I think I might lean more towards your "openvswitch" than Dan's "ovs", just because it's immediately more obvious to someone who doesn't know what they're looking for.

Rather than using the dev attribute, I think it would be more appropriate to use the separate <bridge name='xxx' <bridge name='br0'/> The dev attribute currently has two uses (depending on forward mode) - 1) for virtual networks it indicates which device must be used for all traffic from this network as an egress from the host, and 2) for macvtap modes, it indicates both which interface the guest should connect to, AND which device to use for egress from the host (since both are the same). As far as I understand it, the openvswitch model is more like our bridge mode, where <bridge name='xx'/> is used to indicate which device the guest's tap interfaces should connect to. One advantage of this other than consistency, is that this way a management application that didn't understand the ovs forwarding mode would still properly understand that guests using this network would have their interfaces connected to br0.

Alternately, since the openvswitch is presumably equivalent to a bridge, you could follow the method networks that use host bridges and macvtap in "bridge" mode - they both use <forward mode='bridge'>, but are differentiated by whether or not they have a <bridge name='xxx'/> element, or a dev='xx' attribute. Possibly the forward mode would still be bridge, and a separate "<openvswitch name='br0'/> (or something like that) could be used, or maybe mode could remain "bridge", and the <bridge> element could get a new attribute, e.g.: <bridge name='br0' type='openvswitch'/> Actually I think I like this best, because someone looking at the reduced set of attributes would still get all the useful info they needed: 1) it is a bridged connection to the rest of the network (rather than routed) and 2) the device used is br0.

> <script path='/etc/qemu-ifup-ovs'/> What do you need the script for? ifup scripts bring up security questions, are currently only permitted with qemu domains for "generic ethernet" interfaces (which are really there just as a way to make *something* work when one of the existing supported types doesn't work), and result in the domain being marked as "tainted". The preferred method is to put whatever functionality is needed directly into libvirt.

> </forward> > </network> > > This would setup the OVS network entity, and sets up a forwarding mode of "ovs", which indicates Open vSwitch is used to forward traffic. > > <interface type='network'> > <source network='ovs-network'/> > <virtualport type='openvswitch'> > <parameters interfaceid="interface-xyz"/> > </virtualport> I like this re-used of virtualport, rather than defining a new element. > </interface> > > This model of exposing parameters to virtualport types allows for further expansion as new interface types and parameters are added. > > Thoughts? Uh, "how about some patches?" :-) This all seems to be coming together rather nicely.