> >>yes, I want it ;-) And it seems we can do it with the veth setup. > Ah ok ! seem more clear now. > > isn't veth too much overhead ? (I'm a bit worried about veth performance, > see http://www.opencloudblog.com/?p=96)
I want a fully functional implementation first. We can optimize later. Everything is better than requiring an external firewall. Also, I thought you want to write an ultra-fast OVS controller to do that job ;-) > couldn't we scan bridges arp tables, and make rules with ips ? (at least for > routed guests) (or manage guests ips in vm configs) I guess arp is not very reliable, and we currently do not even have IPs on network interfaces. IMHO it is better to spent time to write an OVS controller instead of adding such hacks. _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
