[pve-devel] pvefw: masquerade problems and conntrack zones
Dietmar Maurer
dietmar at proxmox.com
Tue Mar 11 17:00:03 CET 2014
> > isn't veth too much overhead ? (I'm a bit worried about veth
> > performance, see http://www.opencloudblog.com/?p=96)
>
> People always compare performance of OVSIntPort with full-featured linux
> netfilter code.
BTW, do I understand the OpenStack network correctly?
1.) They use a linux bridge to apply netfilter firewall.
2.) They use an OVS bridge and plug in the linux bridge (using veth pair?)
3.) They use an (GRE) tunnel to a dedicated network host?
Not sure if that is correct, but I do not believe that is faster.
More information about the pve-devel
mailing list