'[ovs-discuss] OpenVswitch and iptables DNAT : problems'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openvswitch-discuss
Subject:    [ovs-discuss] OpenVswitch and iptables DNAT : problems
From:       ben42ml () gmail ! com (Benoit ML)
Date:       2011-04-15 14:44:34
Message-ID: BANLkTimoeEVPdWdiA=TjtB_Z7S3AE+hdRw () mail ! gmail ! com
[Download RAW message or body]

Hi,

Thank you.

If someone have time to check this on Xen or reproduce the same situation on
KVM it will be a nice thing ;)

Yes you are wright, the flow does the all way.  And response time is better
....


Sorry a little mistake , new version of  the ascii art :

                                                              WAN
                                                                    |
                                                                    |
access port vlan 2 - connected to a physical switch
                                                                    |
Openvswitch have a dedicated eth for this.
                                                             [x86 -
brcentral]

/              \
                         GRE Tunnel   ===>      /                      \
                          trunk=[0]                    /
      \

/                                 \
                                               [hyperV - br0]
[hyperV - br0]
                multiple if                 /
               \
                multiple vlan
/                                                  \
                                            /
                     \
                                           /
                      \

/                                                           \
                                 [VM FW]
   [VM WEB]

Thank you for the time :)

Regards,

2011/4/15 Jesse Gross <jesse at nicira.com>

> On Thu, Apr 14, 2011 at 1:01 AM, Benoit ML <ben42ml at gmail.com> wrote:
> > Hi,
> >
> > Same bridge but different vlan. Thank for your answer.
> >
> > Well I've done some others tests with interesting result.
>
> Hmm, that is an interesting result.  It's possible, though it seems
> unlikely, that some of the netfilter information is propagated between
> the VMs and causing problems.  I have more experience with Xen than
> KVM and I would be very surprised to find this, however, KVM does have
> tighter coupling between guest and host so it's possible that
> something is passing through.  To answer your original question
> though, no, I don't know of anyone that has tested this.
>
> Just to clarify, in the second setup you moved the firewall to the
> other hypervisor and the two vlans are trunked over the GRE tunnel,
> right?  So all traffic flows first to the firewall hypervisor over
> GRE, back to the hub, and then back to the web hypervisor over GRE
> again?  You drew a VM Web on both hypervisors, so I just wanted check.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/discuss/attachments/20110415/5fd48a9b/attachment.htm>

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic