Open vSwitch
About
Bridges make it possible to connect VMs (internally, with the host, or with the outside world), but they also introduce a security risk, because all packets are forwarded to any participating interface. An interface in promiscuous mode is able to sniff other VMs' traffic. That's where Open vSwitch comes into play as a compatible drop-in replacement for conventional bridges.
Install Open vSwitch
Install
aptitude install openvswitch-switch
Create an Open vSwitch
Create the bare vSwitch
Add fake bridges
Fake bridges are virtual sub-bridges of a parent bridge that assign an attached port to a specific VLAN in access mode.
ovs-vsctl add-br ovs-trf1 ovs-virt 100 # transfer network
ovs-vsctl add-br ovs-pub1 ovs-virt 500 # public dmz - public network #1
ovs-vsctl add-br ovs-pub2 ovs-virt 501 # public dmz - public network #2
ovs-vsctl add-br ovs-1a ovs-virt 1000 # public dmz - private network
ovs-vsctl add-br ovs-1a-iss ovs-virt 1001 # public dmz - private network iss
ovs-vsctl add-br ovs-1n ovs-virt 1500 # extranet
ovs-vsctl add-br ovs-2a ovs-virt 2000 # intranet
ovs-vsctl add-br ovs-2n ovs-virt 2500 # secure zone
ovs-vsctl add-br ovs-mon1 ovs-virt 3000 # monitoring
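Because each fake bridge is only a VLAN tag on the parent, two zones that end up with the same tag share one segment. The following is an added example, not part of the original page: it lints a zone plan before anything is created and emits idempotent commands using the `--may-exist` option of `ovs-vsctl`. The plan format, the helper name `check_plan`, the variable `SAMPLE_PLAN` and the 1-4094 range rule are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): lint a fake-bridge plan.
# Assumed plan format: "<fake-bridge> <parent> <vlan>" per line, "#" starts a comment.

# Constructed sample plan mirroring four of the zones listed above.
SAMPLE_PLAN='ovs-trf1 ovs-virt 100   # transfer network
ovs-pub1 ovs-virt 500   # public dmz - public network #1
ovs-2n   ovs-virt 2500  # secure zone
ovs-mon1 ovs-virt 3000  # monitoring'

# check_plan (hypothetical helper): reads a plan on stdin. On success it prints
# one idempotent ovs-vsctl command per zone; on any error it prints nothing to
# stdout, reports on stderr and returns 1.
check_plan() {
    awk '
    function fail(msg) { printf "line %d: %s\n", NR, msg > "/dev/stderr"; bad = 1 }
    { sub(/#.*/, "") }                      # drop comments
    NF == 0 { next }                        # skip blank lines
    NF != 3 { fail("expected <bridge> <parent> <vlan>"); next }
    $3 !~ /^[0-9]+$/ || $3 + 0 < 1 || $3 + 0 > 4094 {
        fail("VLAN " $3 " outside the usable 802.1Q range 1-4094"); next
    }
    ($2, $3) in vlan_owner {                # two zones on one VLAN share a segment
        fail("VLAN " $3 " on " $2 " already assigned to " vlan_owner[$2, $3]); next
    }
    $1 in names { fail("bridge name " $1 " used twice"); next }
    {
        vlan_owner[$2, $3] = $1; names[$1] = 1
        cmds = cmds "ovs-vsctl --may-exist add-br " $1 " " $2 " " $3 "\n"
    }
    END { if (bad) exit 1; printf "%s", cmds }
    '
}

# Print the commands for the sample plan; review them before running them as root.
printf '%s\n' "$SAMPLE_PLAN" | check_plan
```

The script only prints commands and never calls `ovs-vsctl` itself, so it can be run on a workstation before the plan reaches the hypervisor.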
Libvirt integration
Please see libvirt#Networking
Show switch
The guest has attached the NIC to the Open vSwitch successfully.
Show information from ovs table port
Please see man 5 ovs-vswitchd.conf.db
Add port to bridge
ovs-vsctl add-port br0 enp2s0f0