Hi all,
We're using since a long time libvirt with KVM guest machines and linux
bridges. Firewall rules based on iptables and defined on the host server
control inbound/outbound traffic to/from each VM. In order to improve
remote administration facility and get extra services, it makes sense
for us to replace linux bridges with Open vSwitch. However, the side
effect is the solution's inability to filter VM traffic since it's
impossible to set-up iptables rules with ovs bridges. OpenStack/Quantum
circumvents this problem (no talking about performance) by setting an
extra linux bridge and veth pair between the guest TAP and ovs.
Is there {a simple|an alternative} solution to achieve it without
installing the OpenStack/Quantum layer ?
Thanks,
Regards,
--
Université de Nantes - Direction des Systèmes d'Information
IM jabber: yoann.juet@univ-nantes.fr