[ovs-discuss] libvirt netfilter support on openvswitch

Amit Tewari Amit.Tewari at nechclst.in
Thu Dec 22 03:17:33 UTC 2011


Hi,

 

My test environment

 

Host OS = rhel 6.1 x86_64

OPenvswitch = 1.2.2

Hypervisor = KVM

Guest os = rhel 6.1 

Libvirt = 0.8.7

 

I enabled netfilter rules on guest machine by adding following rule in
/etc/libvirt/qemu/guest1.xml file

 

...

 

<interface type='bridge'>

      <mac address='52:54:00:f6:e9:23'/>

      <source bridge='br0'/>

      <model type='virtio'/>

      <filterref filter='no-ip-spoofing'/>

...

 

Now on Linux Bridge we enable
/proc/sys/net/bridge/bridge-nf-call-iptables parameter to allow
netfilter rules to be applied on bridge, and it works correctly for
guest machine.

But when we use openvswithch this parameter do not exists and netfilter
do not works on guest machine.

 

 

I wanted to know whether openvswitch support libvirt netfilter rules on
bridges ?

 




DISCLAIMER: 
----------------------------------------------------------------------------------------------------------------------- 
The contents of this e-mail and any attachment(s) are confidential and
intended 
for the named recipient(s) only.  
It shall not attach any liability on the originator or NECHCL or its 
affiliates. Any views or opinions presented in  
this email are solely those of the author and may not necessarily reflect the 
opinions of NECHCL or its affiliates.  
Any form of reproduction, dissemination, copying, disclosure, modification, 
distribution and / or publication of  
this message without the prior written consent of the author of this e-mail is 
strictly prohibited. If you have  
received this email in error please delete it and notify the sender 
immediately. . 
-----------------------------------------------------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20111222/98d85dcb/attachment.html>


More information about the discuss mailing list