So far we’ve looked at:
- What tap interfaces are and why the VMs require them for network connectivity. (Part 1)
- How security groups are implemented as iptables rules. (Part 2)
- The implementation detail that iptables is just a front-end to the netfilter framework within the kernel, a framework that operates at layer 3.
None of that explains why we need the linux bridge in the middle, however.