[Openstack] Why is Neutron OVS topology the way it is?
Robert van Leeuwen
Robert.vanLeeuwen at spilgames.com
Tue Mar 11 14:57:55 UTC 2014
> I was playing with OpenStack Neutron with OVS plugin. When I launch VMs, I noticed that there is a Linux
> bridge (qbrxxx) created for each VM, which is then connected to the OVS bridge (ovs-int). See the following.
> My question is, why couldn't VMs be directly connected to br-int (without qbr Linux bridges)? Why do we create
> additional Linux bridges between OVS bridge and VMs? What is the role of Linux bridges here?
This is, depending on your setup, not strictly necessary.
Depending on the plugin you select you will get these.
Note that the openvswitch setup with security groups enabled needs these devices.
This is because without them traffic will never hit iptables on the compute node.
There is currently work in progress to copy the iptables functionality to openvswitch/openflow rules so this setup is no longer needed.
Cheers,
Robert van Leeuwen
More information about the Openstack
mailing list