Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

You need to use the LibvirtHybridOVSBridgeDriver VIF driver. Then each VIF gets connected to br-int via its own Linux bridge, and the iptables rules are applied on the Linux bridge devices. The connections will look like:

tap12345678-12 --> qbr12345678-12 --> qvb12345678-12 --(veth)--> qvo12345678-12 --> br-int

So here the VM is connected to tap12345678-12, which is plugged into Linux bridge qbr12345678-12, which is connected to br-int with a veth pair.

To use this driver and Quantum security groups, you need these lines in nova.conf:

security_group_api = quantum
libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

And these lines in ovs_quantum_plugin.ini:

[SECURITYGROUP]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver