
Re: [Xen-devel] Xenserver Iptables with openvswitch



On Tue, 2014-05-20 at 11:24 +0300, Eddi Linder wrote:
> Hi, 
> 
> 
> I am currently working on a datapath solution which will be located
> between vm interfaces and the br-int ovs. 
> The idea is to implement something similar to the security groups in
> openstack - we want to install additional (TCP flag filter based)
> rules on the iptables on the linux bridges to mirror/redirect specific
> packets to our own hypervisor process.
> The scheme described on openstack's website shows that it uses a linux
> bridge for each interface in between the vm and the br-int ovs, and
> applies iptables rules on the interfaces connected to the bridge.
> http://docs.openstack.org/admin-guide-cloud/content/figures/10/a/common/figures/under-the-hood-scenario-1-ovs-compute.png
> 
> 
> When trying to deploy a similar solution on xenserver, we found out
> that linux bridges and openvswitch kernel modules cannot coexist on
> this specific hypervisor (it is simply not supported on old kernels
> like it has).
> 
> So the question is, how did openstack implement the security groups on
> xenserver hosts, without using the default linux bridge kernel module?

This list is for the development of the upstream version of the Xen
hypervisor.

XenServer is a separate project over at http://www.xenserver.org which
has its own lists etc where you will find people able to help with
XenServer problems. Although looking at the question perhaps you should
be asking the openstack (or perhaps openvswitch) folks instead/as well?

Ian.


