Mike Bursell mike.bursell at citrix.com
Mon Feb 6 15:21:59 UTC 2012

Given that there are a number of hooks provided by netfilter, when using OVS, at which point do the OVS rules get applied with respect to the netfilter hooks for things like iptables, please?

Also, does the use of OVS disable any of the netfilter hooks, or are they completely independent of each other?

I guess the underlying question is: what interactions might be expected between OVS and netfilter hook-using components?  What's considered safe, and what isn't?  I could see some pretty confusing behaviours if they start interacting in unexpected ways.  Are there any differences in behaviour between ebtables, iptables and arptables in this context?

Given that there's some overlap in the capabilities of iptables and OVS, is it expected that people would/should use both iptables and OVS at the same time, or would we expect OVS to be used to replace iptables in all cases?

(As an example, consider the following diagram: http://upload.wikimedia.org/wikipedia/commons/8/8f/Diagrama_linux_netfilter_iptables.gif  How does this diagram change when using the OVS?  Or does it...?)


