Ask Your Question

Why NEUTRON needs interface phy-br-ex & int-br-ex? [closed]

asked 2014-04-03 06:22:50 -0500

thuanqin gravatar image

I am setting up a HAVANA environment and use NEUTRON VLAN for network. I'm really confused about why NEUTRON create phy-br-ex & int-br-ex on network node. Any one know what they are used for? Thanks.

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by thuanqin
close date 2014-04-07 07:36:43.978946

2 answers

Sort by ยป oldest newest most voted

answered 2014-04-03 06:53:39 -0500

sateesh gravatar image


br-ex is used to connect external network(Br - Bridging to external network) br-int is used to connect internal network ( For VM `s communication)

You have to Map br-ex to eth0/1 to access internet/access VM from outside)


ovs-vsctl add-br br-int

ovs-vsctl add-br br-ext ovs-vsctl add-port br-ext eth0/1

Regards Sateesh

edit flag offensive delete link more


Thanks sateesh. I understand the meaning of br-ex and br-int, but I don't understand the meaning of the veth pair 'phy-br-ex' and 'int-br-ex'.they connect br-ex and br-int, but I didn't see any network flow through them. Do you know what they are used for? Thanks. (Pls forgive my poor english :))

thuanqin gravatar imagethuanqin ( 2014-04-03 07:08:08 -0500 )edit

You can find a picture that depict it from here: (

thuanqin gravatar imagethuanqin ( 2014-04-03 07:09:58 -0500 )edit

Specifically slide 14. Comparison with the LinuxBridge model might also help you fully understand the architecture:

jtopjian gravatar imagejtopjian ( 2014-04-03 09:08:20 -0500 )edit

answered 2014-04-03 09:22:34 -0500

They are virtual ports.

phy-br-ex is the port attached to the vSwitch br-ex and phy-br-int is the port attached to the vSwitch br-int.

These are linked internally to allow traffic to flow from br-ex to br-int, or vice versa. The reason why you cannot see them is because these are taken to be the physical ports through where the traffic flows. Programs like tcpdump only allow you to capture traffic on a driver (eth0, for example).

Hope this helps.

edit flag offensive delete link more


Thank you mithilarun. I know they are virtual ports but I can't understand why they are needed. I think that the internal traffic flow can be sent to br-ex through NAT&router in virtual router namespace. So which type of traffic flow need these two ports? Or if they are deleted, what will happen?

thuanqin gravatar imagethuanqin ( 2014-04-03 09:58:03 -0500 )edit

In my understand, a packet from VM will follow this sequence:VM-eth0 > qbrxxx > br-int in compute-node > br-eth1 in compute-node > eth1 in compute-node > br-eth1>br-int in net-node > qr-xxx in route namespace > NAT table > qg-XXX->eth0 in net-node > public network. So no traffic flow need phy-br-ex & int-br-ex. Is that right?

thuanqin gravatar imagethuanqin ( 2014-04-03 10:02:32 -0500 )edit

I can find this 'While the integration bridge and the external bridge are connected by a veth pair (int-br-ex, phy-br-ex), this example uses layer 3 connectivity to route packets from the internal networks to the public network: no packets traverse that veth pair in this example.' in this guide: , which say that these two ports are not used. So in what situation will they be used? Thanks and please forgive my poor englist :).

thuanqin gravatar imagethuanqin ( 2014-04-03 10:10:45 -0500 )edit

Hey! The flow of packets that you spoke about is for the internal network. There is a similar flow to lead to the external network. VM->qg-XXX->br-int->br-ex->ethX (where ethX is the port that connects to the internet). Note that br-int is also connected to br-eth1 which is your internal network. The veth pair int-br-ex--phy-br-ex connects br-int and br-ex.

mithilarun gravatar imagemithilarun ( 2014-04-07 05:27:48 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-04-03 06:22:50 -0500

Seen: 5,210 times

Last updated: Apr 03 '14