The Open vSwitch agent manages connectivity among virtual switches and, through virtual ports, interacts with other network components: namespaces, which provide network isolation, and Linux Bridges, which support security groups. The Integration Bridge on the compute node provides the interfaces to virtual machines. The Open vSwitch agent creates the following OVS bridge interfaces according to its configuration options.
The Integration Bridge is usually named br-int, and each instance is plugged into it via a veth port. This carries traffic to and from the instance (VM) via a Linux Bridge.
Figure 3: OVS on a compute node
Open vSwitch (OVS) cannot connect with iptables to implement security groups. A Linux Bridge is therefore used between each instance (VM) and the OVS Integration Bridge br-int to implement security groups. The Linux Bridge carries the traffic between the veth peer port and the tap interface that connects to the instance.
The br-int adds a VLAN ID tag, chosen based on the network-id, to the header of untagged packets received from the instance, and strips the VLAN ID from packets going to the instance. Each network is assigned a unique VLAN ID and is classified based on the tag.
The br-tun connects to the Integration Bridge br-int via a patch interface. The Tunnel Bridge (br-tun) translates VLAN-tagged traffic from the Integration Bridge (br-int) into tunnel IDs depending on the tunnel type (VXLAN, GRE).
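The per-network tagging on br-int described above can be audited on a compute node. The following is an added example, not part of the original page: it parses text in the layout printed by ovs-vsctl show, groups the instance-facing ports of br-int by VLAN tag, and lists any port with no tag, which is therefore not classified into a network. The sample output, its port names and the function names are constructed for illustration.

```python
# Constructed sample in the layout `ovs-vsctl show` prints; port names are made up.
SAMPLE = """\
    Bridge br-int
        Port "qvo-vm1"
            tag: 1
            Interface "qvo-vm1"
        Port "qvo-vm2"
            tag: 2
            Interface "qvo-vm2"
        Port "qvo-vm3"
            Interface "qvo-vm3"
        Port patch-tun
            Interface patch-tun
                type: patch
        Port br-int
            Interface br-int
                type: internal
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
"""

def parse_ports(text):
    """Return {bridge: {port: {"tag": int or None, "type": str}}}."""
    bridges, bridge, port = {}, None, None
    for line in text.splitlines():
        key, _, val = line.strip().partition(" ")
        val = val.strip('"')
        if key == "Bridge":
            bridge, port = bridges.setdefault(val, {}), None
        elif key == "Port" and bridge is not None:
            port = bridge.setdefault(val, {"tag": None, "type": "system"})
        elif port is not None and key in ("tag:", "type:"):
            port[key[:-1]] = int(val) if key == "tag:" else val
    return bridges

def audit_br_int(text, bridge="br-int"):
    """Group instance-facing ports by VLAN tag; collect ports with no tag."""
    by_tag, untagged = {}, []
    for name, p in parse_ports(text).get(bridge, {}).items():
        if p["type"] in ("patch", "internal"):
            continue  # the patch link to br-tun and the bridge's own port carry no per-network tag
        if p["tag"] is None:
            untagged.append(name)
        else:
            by_tag.setdefault(p["tag"], []).append(name)
    return by_tag, untagged
```

Calling audit_br_int(SAMPLE) returns the tag-to-ports mapping and the list of untagged ports; on a real host, pass it the captured output of ovs-vsctl show instead of the sample.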