>>It should be quite simply to implement such setup. Do they use a single linux >>bridge, or a separate >>bridge for each VM tap?
AFAIK, they use 1 bridge by tap (only when they use the hybrid network for enable iptables firewalling) see example here : http://openstack.redhat.com/Networking_in_too_much_detail#Compute_host:_instance_networking_.28A.2CB.2CC.29 >>Although I am not sure what we gain with such setup? I think because it's more easy for them. In all case, they have a central openvswitch, and they manage vlan on openvswitchs. So with firewall, they just need to create "1 internalport - 1 tap bridge" couple for each vlan, assign vlan on ovs internalport, and plug the internalport to tap bridge ----- Mail original ----- De: "Dietmar Maurer" <diet...@proxmox.com> À: "Alexandre DERUMIER" <aderum...@odiso.com> Cc: pve-devel@pve.proxmox.com Envoyé: Mardi 11 Mars 2014 18:18:21 Objet: RE: [pve-devel] pvefw: masquerade problems and conntrack zones > >>2.) They use an OVS bridge and plug in the linux bridge (using veth > >>pair?) > not anymore, because of performance problems. now, they plug ovsint port > to bridge It should be quite simply to implement such setup. Do they use a single linux bridge, or a separate bridge for each VM tap? Although I am not sure what we gain with such setup? _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
