[pve-devel] OpenVSwitch for KVM Networking?
dietmar at proxmox.com
Fri Dec 6 06:02:27 CET 2013
> I'm interested in working on a patch to use OpenVSwitch for networking instead
> of the generic bridge. I'm starting a hosting company and would like to use
> Proxmox to serve KVM instances, but need more security than bridge
> networking can provide. While the basic underly premise is the same, using OVS
> would allow the ability to add rules to the connected ports to prevent spoofing
> of IPs and MAC addresses, as well as more advanced metering of traffic via
> sFlow. Is this something that the community would be interested in? Would it be
> better to setup similar protection rules using ebtables? I'm curious on your
First, AFAIK OpenVSwitch is not compatible with iptables, and openflow does not offer
the full iptables functionality.
Some time ago we started a iptables based prototype here:
It is based on shorewall and look quite promising. But it needs some love
to make it production ready.
More information about the pve-devel