I believe this is so that security groups can be applied using iptables on those qbrXXX interfaces. At least that's how it works in our implementation under Havana.
From: Dan Nanni <xmod...@gmail.com<mailto:xmod...@gmail.com>> Date: Tuesday, March 11, 2014 8:06 AM To: "openstack@lists.openstack.org<mailto:openstack@lists.openstack.org>" <openstack@lists.openstack.org<mailto:openstack@lists.openstack.org>> Subject: [Openstack] Why is Neutron OVS topology the way it is? Hi, I was playing with OpenStack Neutron with OVS plugin. When I launch VMs, I noticed that there is a Linux bridge (qbrxxx) created for each VM, which is then connected to the OVS bridge (ovs-int). See the following. VM0 VM2 | | qbrXXX qbrYYY (per-VM linux bridges) | | | | br-int (OVS bridge) | br-eth My question is, why couldn't VMs be directly connected to br-int (without qbr Linux bridges)? Why do we create additional Linux bridges between OVS bridge and VMs? What is the role of Linux bridges here? Thanks! -Dan
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
