[pve-devel] OpenVSwitch for KVM Networking?
Dietmar Maurer
dietmar at proxmox.com
Fri Dec 6 06:02:27 CET 2013
> I'm interested in working on a patch to use OpenVSwitch for networking instead
> of the generic bridge. I'm starting a hosting company and would like to use
> Proxmox to serve KVM instances, but need more security than bridge
> networking can provide. While the basic underlying premise is the same, using OVS
> would allow the ability to add rules to the connected ports to prevent spoofing
> of IPs and MAC addresses, as well as more advanced metering of traffic via
> sFlow. Is this something that the community would be interested in? Would it be
> better to set up similar protection rules using ebtables? I'm curious on your
> thoughts.
First, AFAIK OpenVSwitch is not compatible with iptables, and OpenFlow does not offer
the full iptables functionality.
Some time ago we started an iptables-based prototype here:
https://git.proxmox.com/?p=pve-firewall.git;a=summary
It is based on shorewall and looks quite promising. But it needs some love
to make it production ready.
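
The per-port anti-spoofing rules mentioned in the quoted proposal could look like the following on an OVS bridge. This is an added example, not part of the original thread or of any Proxmox code; the port number, MAC, IP, priorities and function names are constructed assumptions.

```shell
#!/bin/sh
# Added example: print per-port anti-spoofing flows for `ovs-ofctl add-flows`.
# Port number, MAC and IP used below are constructed sample values.

# Succeed if $1 is a colon-separated 48-bit MAC address.
valid_mac() {
    case $1 in *[!0-9A-Fa-f:]*) return 1 ;; esac   # also rejects newlines
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Succeed if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case $1 in *[!0-9.]*) return 1 ;; esac         # also rejects newlines
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the validated string into four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print flows that pin OpenFlow port $1 to source MAC $2 and IPv4 $3.
# Inputs are validated first so a crafted value cannot smuggle extra
# match fields or actions into the flow text.
antispoof_flows() {
    port=$1; mac=$2; ip=$3
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    valid_ipv4 "$ip" || { echo "bad IPv4: $ip" >&2; return 1; }
    # ARP must carry the assigned MAC/IP in the header and the payload;
    # IPv4 must carry the assigned source pair; everything else from the
    # port (IPv6, DHCP from 0.0.0.0, other MACs) hits the drop rule.
    cat <<EOF
priority=200,in_port=$port,arp,dl_src=$mac,arp_sha=$mac,arp_spa=$ip,actions=NORMAL
priority=200,in_port=$port,ip,dl_src=$mac,nw_src=$ip,actions=NORMAL
priority=100,in_port=$port,actions=drop
EOF
}

# Sample run; the output can be piped to: ovs-ofctl add-flows <bridge> -
antispoof_flows 5 52:54:00:12:34:56 192.0.2.10
```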