[pve-devel] kernel 3.10 : bridge vlan test

[Alexandre DERUMIER]

>>What exactly are the advanced features?

- openflow (very important for me, as I have servers with more than 100vms, it's difficult to analyse traffic between vms on same bridge)

- vxlan support (linux bridge have also support recently, but I don't known if it's work)

- and for my personnal opinion, I think linux bridge have too much regression when new features are impletemed. 
   some bugs last year:
   - multicast problems (igmp snooping bug)
   - mixing tagged vlans on ethX host and tagged vlans in guest didn't work(maybe it's solved), 
   - gvrp support bugs (see stefan)
    -....


>>For me this is minor advantage, not worth to introduce a complete new network infrastructure.

>>But don't get me wrong - I just want to be to negative here. I just want to avoid that
>>we have to do all things twice (firewall).

Sure I understand. (I just want to add support to pve-bridge script, as I really don't need to manage firewall on proxmox side).


>>So the question is: Can we build a full featured firewall using openflow? 

I think it's not yet possible, but it's on the roadmap of openstack
https://blueprints.launchpad.net/neutron/+spec/ovs-firewall-driver





----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: "pve-devel" <pve-devel at pve.proxmox.com>, "Stefan Priebe" <s.priebe at profihost.ag> 
Envoyé: Mardi 17 Décembre 2013 09:21:28 
Objet: RE: [pve-devel] kernel 3.10 : bridge vlan test 

> My point is that it could be fine to give user choice (at least for advanced users, 
> not everyone need advanced features of openvswitch) 

What exactly are the advanced features?