xenbits.xensource.com Git - libvirt.git/commit

author	Reinier Schoof <reinier@transip.nl>
	Thu, 17 Jan 2013 11:24:04 +0000 (12:24 +0100)
committer	Eric Blake <eblake@redhat.com>
	Thu, 17 Jan 2013 18:32:26 +0000 (11:32 -0700)
commit	65fb9d49cc9caae210977934b53d87e56429407b
tree	ef345c73fef1469fccbd0c79cec1330c192d4bcc	tree
parent	877dab6ccf9ce79e28c1e5f9b70459a9f9a8a6c2	commit \| diff

fixed xt_physdev warning when defining ip(6)tables rules

When starting a VM, /var/log/messages was spammed with the following message:
xt_physdev: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.

With each extra VM I start, the messages get amplified
exponentially. This results in longer starting times every new VM,
relative the the previously started VM. When I ran a test with
starting 100 equal VM's, the first VM started in about 2 seconds, the
100th VM took 48 seconds to start. I'm running a vanilla 3.7.1 kernel,
but I have the same issue on VM hosts with kernel 3.2.28 or 3.2.0,
running libvirt 0.9.12 and 0.9.8 respectively.

Looking into the warning, it seemed that iptables need an extra argument,
--physdev-is-bridged, in commands like:
iptables -A libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet99 -g FP-vnet99

With that, the warnings in /var/log/messages are gone and running the
test again proved the 100th VM started in 3.8 seconds.