[ovs-discuss] OpenVswitch and iptables DNAT : problems
Benoit ML
ben42ml at gmail.com
Thu Apr 14 08:01:01 UTC 2011
Hi,
Same bridge but different vlan. Thanks for your answer.
Well, I've done some other tests with interesting results.
First, in fact my network topology is a bit complex:
I've got an x86 server (call it Vswitch BrCentral) to which all the vswitches of
the hypervisors are connected through GRE tunnels.
                         WAN
                          |
                          |
 access port vlan 2 - connected to a physical switch
                          |
      Openvswitch has a dedicated eth for this.
                  [x86 - brcentral]
                       /      \
GRE Tunnel ===>       /        \
physical vlan 40     /          \
                    /            \
        [hyperV - br0]          [hyperV - br0]
             /   \
            /     \
           /       \
          /         \
     [VM FW]       [VM WEB]
The VMs have the network topology I presented before:
For the VM FW, two interfaces on two different VLANs.
For the VM WEB, only one interface.
The GRE tunnels carry all network traffic; on Open vSwitch they're configured as
trunk=[0].
So the crappy connection with the DNAT is present in this network
configuration.
But, and this is the interesting point: if I move one of the VMs to another
hypervisor (and vswitch br0), the DNAT works very well. Very good response
time.
                         WAN
                          |
                          |
 access port vlan 2 - connected to a physical switch
                          |
      Openvswitch has a dedicated eth for this.
                  [x86 - brcentral]
                       /      \
GRE Tunnel ===>       /        \
trunk=[0]            /          \
                    /            \
        [hyperV - br0]          [hyperV - br0]
multiple if    /                      \
multiple vlan /                        \
             /                          \
            /                            \
           /                              \
      [VM WEB]                          [VM WEB]
I hope it's relatively clear ;)
Of course I have more hypervisors and VMs than in the ASCII art schema ;)
Regards,
2011/4/13 Jesse Gross <jesse at nicira.com>
> On Wed, Apr 13, 2011 at 7:16 AM, Benoit ML <ben42ml at gmail.com> wrote:
> > Hello,
> >
> > I've got a problem with openVswitch and iptables/DNAT
> >
> > On a hypervisor with openvswitch, I have two VMs. One of these VMs is a linux
> > firewall and the other a web server.
> > The network topology is simple:
> > == LAN ==
> > |
> > |
> > | LAN IP : 10.x.x.x
> > [VM Firewall]
> > | Pv IP : 192.168.7.1
> > |
> > |
> > | Pv IP : 192.168.7.10
> > [VM WebServer]
>
> The interfaces on the LAN side and private sides are divided into two
> different Open vSwitch bridges or vlans, correct? Assuming that is
> the case, there should be no interactions between Open vSwitch and
> iptables since they are running in different VMs.
>