[pve-devel] OpenVSwitch for KVM Networking?

Dietmar Maurer dietmar at proxmox.com
Fri Dec 6 06:02:27 CET 2013

> I'm interested in working on a patch to use OpenVSwitch for networking instead
> of the generic bridge. I'm starting a hosting company and would like to use
> Proxmox to serve KVM instances, but need more security than bridge
> networking can provide. While the basic underly premise is the same, using OVS
> would allow the ability to add rules to the connected ports to prevent spoofing
> of IPs and MAC addresses, as well as more advanced metering of traffic via
> sFlow. Is this something that the community would be interested in? Would it be
> better to setup similar protection rules using ebtables? I'm curious on your
> thoughts.

First, AFAIK OpenVSwitch is not compatible with iptables, and openflow does not offer 
the full iptables functionality.

Some time ago we started a iptables based prototype here:


It is based on shorewall and look quite promising. But it needs some love
to make it production ready.

More information about the pve-devel mailing list