On Thu, Dec 12, 2013 at 2:24 AM, Yoann Juet <yoann.j...@univ-nantes.fr> wrote:
> Hi all,
>
> We have been using libvirt with KVM guest machines and Linux bridges
> for a long time. Firewall rules based on iptables and defined on the
> host server control inbound/outbound traffic to/from each VM. In order
> to improve remote administration facility and get extra services, it
> makes sense for us to replace Linux bridges with Open vSwitch. However,
> the side effect is the solution's inability to filter (with
> netfilter/iptables) VM traffic, since it's impossible to set up iptables
> rules with OVS bridges. OpenStack/Quantum circumvents this problem (not
> talking about performance) by setting up an extra Linux bridge and veth
> pair between the guest TAP and OVS.
>
> Is there {a simple|an alternative} solution to achieve it without
> installing the OpenStack/Quantum layer?

It's possible to configure the same thing manually by connecting multiple bridges. You might also be able to write your iptables rules using OpenFlow directly, which would be the most efficient.

_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
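
The manual multi-bridge layout discussed in this thread (guest TAP, then a per-guest Linux bridge, then a veth pair into the OVS bridge), as an added example that is not part of the original messages: the script only prints the commands so the plan can be reviewed before it is run as root. The device names (`vnet0`, `ovsbr0`, the `fbr-`/`fvb-`/`fvo-` prefixes), the `guest-` chain name and the placeholder default-deny policy are assumptions, and the TAP is assumed not to be an OVS port already.

```shell
#!/bin/sh
# Added example: print (do not execute) the commands that place a Linux
# bridge and a veth pair between a guest TAP and an OVS bridge, so that
# netfilter/iptables on the host sees the guest's frames.

# plan_hybrid_port TAP OVS_BRIDGE ID
#   TAP         guest TAP device created by libvirt (assumed name)
#   OVS_BRIDGE  existing Open vSwitch bridge (assumed name)
#   ID          short per-guest suffix for the new devices (hypothetical)
plan_hybrid_port() {
    tap=$1 ovs=$2 id=$3
    lbr="fbr-$id"   # per-guest Linux bridge: the filtering point
    vlb="fvb-$id"   # veth end enslaved to the Linux bridge
    vov="fvo-$id"   # veth end added as an OVS port

    # Linux interface names are limited to 15 characters.
    for n in "$tap" "$lbr" "$vlb" "$vov"; do
        if [ "${#n}" -gt 15 ]; then
            echo "interface name too long: $n" >&2
            return 1
        fi
    done

    cat <<EOF
ip link add name $lbr type bridge
ip link add $vlb type veth peer name $vov
ip link set $tap master $lbr
ip link set $vlb master $lbr
ovs-vsctl add-port $ovs $vov
ip link set $lbr up
ip link set $vlb up
ip link set $vov up
sysctl -w net.bridge.bridge-nf-call-iptables=1
iptables -N guest-$id
iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-in $tap -j guest-$id
iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-out $tap -j guest-$id
iptables -A guest-$id -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A guest-$id -j DROP
EOF
}

# Constructed sample: guest TAP vnet0, OVS bridge ovsbr0, suffix vm1.
plan_hybrid_port vnet0 ovsbr0 vm1
```

Per-guest allow rules belong in the `guest-<ID>` chain ahead of the final `DROP`; the `physdev` matches only see the traffic because it crosses a Linux bridge before reaching OVS.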