Linux bridges between OVS & instance not needed anymore? (havana-3)

While doing packstack allinone I spotted that the Linux bridges are missing and the instance is being connected directly to OVS. Looking at the code in we can find:

# Since libvirt 0.9.11, <interface type='bridge'>
# supports OpenVSwitch natively.

I'm wondering about two things:

  1. Shall we log a bug in the OpenStack networking documentation, which says that:

Security groups: iptables and Linux bridges

Ideally, the TAP device vnet0 would be connected directly to the integration bridge, br-int. Unfortunately, this isn't possible because of how OpenStack security groups are currently implemented. OpenStack uses iptables rules on the TAP devices such as vnet0 to implement security groups, and Open vSwitch is not compatible with iptables rules that are applied directly on TAP devices that are connected to an Open vSwitch port.

Networking uses an extra Linux bridge and a veth pair as a workaround for this issue. Instead of connecting vnet0 to an Open vSwitch bridge, it is connected to a Linux bridge, qbrXXX. This bridge is connected to the integration bridge, br-int, through the (qvbXXX, qvoXXX) veth pair.

as it looks like this is no longer the case

  2. Where can we find the packstack release notes, to see in which release libvirt was changed? As I remember, when I was installing RDO 2-3 months ago (allinone), I had Linux bridges between OVS & instance. So it looks like libvirt was changed.
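To tell which of the two layouts discussed above a host is using, the following added example (not part of the original post, and not OpenStack code) classifies each instance interface as attached directly to br-int or attached through the qbrXXX bridge and (qvbXXX, qvoXXX) veth pair that the quoted documentation ties to iptables security groups. It assumes the text output of `brctl show` and `ovs-vsctl list-ports br-int` as input; the sample outputs and interface names below are constructed.

```python
# Constructed sample output of `brctl show` (interface names are made up).
BRCTL_SHOW = (
    "bridge name\tbridge id\t\tSTP enabled\tinterfaces\n"
    "qbr1a2b3c4d-5e\t\t8000.3ad2f1e0c1b2\tno\t\tqvb1a2b3c4d-5e\n"
    "\t\t\t\t\t\t\tvnet0\n"
)
# Constructed sample output of `ovs-vsctl list-ports br-int`.
OVS_LIST_PORTS = "qvo1a2b3c4d-5e\nvnet1\n"


def parse_brctl_show(text):
    """Map each Linux bridge name to the set of interfaces enslaved to it."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:      # first line is the column header
        fields = line.split()
        if not fields:
            continue
        if len(fields) >= 3:                # bridge row: name, id, STP[, iface]
            current = fields[0]
            bridges[current] = set(fields[3:])
        elif current is not None:           # continuation row: one more iface
            bridges[current].add(fields[0])
    return bridges


def classify(iface, ovs_ports, bridges):
    """Return how an instance interface reaches the OVS integration bridge."""
    if iface in ovs_ports:
        return "direct-ovs"                 # plugged straight into br-int
    for name, members in bridges.items():
        if iface not in members or not name.startswith("qbr"):
            continue
        suffix = name[3:]
        if "qvb" + suffix in members and "qvo" + suffix in ovs_ports:
            return "hybrid"                 # iface -> qbrXXX -> veth -> br-int
        return "linux-bridge-only"          # veth pair to br-int is missing
    return "unattached"


def report(ifaces, brctl_text=BRCTL_SHOW, ovs_text=OVS_LIST_PORTS):
    """Classify every interface in `ifaces` from the two command outputs."""
    bridges = parse_brctl_show(brctl_text)
    ovs_ports = set(ovs_text.split())
    return {i: classify(i, ovs_ports, bridges) for i in ifaces}


if __name__ == "__main__":
    for iface, kind in report(["vnet0", "vnet1"]).items():
        print(iface, kind)
```

An interface reported as `direct-ovs` is the layout the question describes, so that is the case in which to confirm how security group rules are being enforced on the host.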