Open vSwitch components in compute host

The Open vSwitch agent manages connectivity among virtual switches and, through virtual ports, supports interaction with other network components, such as namespaces to provide network isolation and Linux Bridges to support security groups. The Integration Bridge on the compute node provides the interfaces to virtual machines. The Open vSwitch agent creates the following OVS bridge interfaces according to its configuration options.

The Integration Bridge is usually named br-int, and each instance is plugged into it via a veth port. This port carries traffic to and from the instance (VM) via a Linux Bridge.


Figure 3: OVS on a compute node

Open vSwitch (OVS) cannot connect with iptables to implement security groups. A Linux Bridge is therefore used between each instance (VM) and the OVS Integration Bridge br-int to implement security groups. The Linux Bridge carries the traffic between the veth peer port and the tap interface that connects to the instance.

The br-int bridge adds a VLAN ID tag, based on the network-id, to the header of untagged packets received from the instance, and strips the VLAN ID from packets sent to the instance. Each network is assigned a unique VLAN ID, and traffic is classified based on the tag.

The Tunnel Bridge (br-tun) connects to the Integration Bridge (br-int) via a patch interface. It translates VLAN-tagged traffic from br-int into tunnel IDs depending on the tunnel type (VXLAN, GRE).
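The layout described above can be checked on a compute node. The following is an added example, not code from the book: it parses `ovs-vsctl show` output and reports instance-facing ports on br-int that carry no VLAN tag, the ports grouped by VLAN, and whether br-int has a patch port. The sample output is constructed, and the `qvo` port-name prefix and the function names are assumptions.

```python
# Constructed sample of `ovs-vsctl show` output (not from a real host).
SAMPLE = """\
    Bridge br-int
        Port "qvo11111111-aa"
            tag: 1
            Interface "qvo11111111-aa"
        Port "qvo22222222-bb"
            tag: 2
            Interface "qvo22222222-bb"
        Port "qvo33333333-cc"
            Interface "qvo33333333-cc"
        Port patch-tun
            Interface patch-tun
                type: patch
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
        Port "vxlan-0a000002"
            Interface "vxlan-0a000002"
                type: vxlan
"""

def parse_ports(text):
    """Return {bridge: {port: {"tag": int or None, "type": str or None}}}."""
    bridges, bridge, port = {}, None, None
    for line in map(str.strip, text.splitlines()):
        key, _, val = line.partition(" ")
        val = val.strip().strip('"')
        if key == "Bridge":
            bridge, port = bridges.setdefault(val, {}), None
        elif key == "Port" and bridge is not None:
            port = bridge.setdefault(val, {"tag": None, "type": None})
        elif key == "tag:" and port is not None:
            port["tag"] = int(val)
        elif key == "type:" and port is not None:
            port["type"] = val
    return bridges

# Assumption: instance-facing veth ports on br-int are named with a "qvo" prefix.
def audit_br_int(bridges, name="br-int", prefix="qvo"):
    """Return (untagged instance ports, {vlan: [ports]}, has_patch_port)."""
    ports = bridges.get(name, {})
    untagged, by_vlan = [], {}
    for pname, attrs in ports.items():
        if pname.startswith(prefix) and attrs["tag"] is None:
            untagged.append(pname)  # no local VLAN tag: not tied to one network
        elif pname.startswith(prefix):
            by_vlan.setdefault(attrs["tag"], []).append(pname)
    return untagged, by_vlan, any(a["type"] == "patch" for a in ports.values())
```

On a live host, pass the captured output of `ovs-vsctl show` to `parse_ports` in place of `SAMPLE`; a non-empty first element from `audit_br_int` means an instance port is not confined to a single network's VLAN.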
