[openstack-dev] [Openstack] Quantum vs. Nova-network in Folsom

rohon mathieu mathieu.rohon at gmail.com
Fri Sep 14 14:10:18 UTC 2012 

I think I was missing the

LIBVIRT_FIREWALL_DRIVER=nova.virt.libvirt.firewall.IptablesFirewallDriver

On Fri, Sep 14, 2012 at 11:24 AM, rohon mathieu <mathieu.rohon at gmail.com>wrote:

> Hi Dan,
>
> I have tried to use LibvirtHybridOVSBridgeDriver but I get some troubles :
>
> https://bugs.launchpad.net/nova/+bug/1050433
>
> Do I miss something?
>
>
> On Thu, Sep 6, 2012 at 6:29 PM, Dan Wendlandt <dan at nicira.com> wrote:
>
>> On Thu, Sep 6, 2012 at 12:50 AM, rohon mathieu <mathieu.rohon at gmail.com>
>> wrote:
>> > There is still the security filtering issue
>> > (https://blueprints.launchpad.net/quantum/+spec/ovs-security-filtering)
>> > which prevent some cloud operator from using OVS.
>> >
>> > Do you have a workaround to use security group with OVS in folsom?
>>
>> Yes, it merged into Nova yesterday.
>> https://bugs.launchpad.net/quantum/+bug/1039400
>>
>> We're still working on the new Quantum docs for Folsom, but if you're
>> already familiar with using Quantum + Nova, the key difference is that
>> you use should a libvirt vif-plugging config of
>> LibvirtHybridOVSBridgeDriver, rather than just
>> LibvirtOpenVswitchDriver .
>>
>> Dan
>>
>>
>>
>>
>>
>> >
>> > On Wed, Sep 5, 2012 at 7:01 PM, Dan Wendlandt <dan at nicira.com> wrote:
>> >>
>> >> On Wed, Sep 5, 2012 at 5:23 AM, andi abes <andi.abes at gmail.com> wrote:
>> >> > late to the party... but I'll dabble.
>> >> >
>> >> > On Mon, Aug 27, 2012 at 12:21 PM, Chris Wright <chrisw at sous-sol.org>
>> >> > wrote:
>> >> >> * Rob_Hirschfeld at Dell.com (Rob_Hirschfeld at Dell.com) wrote:
>> >> >>> We've been discussing using Open vSwitch as the basis for
>> non-Quantum
>> >> >>> Nova Networking deployments in Folsom.  While not Quantum, it
>> feels like
>> >> >>> we're bringing Nova Networking a step closer to some of the core
>> >> >>> technologies that Quantum uses.
>> >> >>
>> >> >> To what end?
>> >> >
>> >> > OVS provides much more robust monitoring and operational facilities
>> >> > (e.g sFlow monitoring, better switch table visibility etc).
>> >>
>> >> You won't find any disagreement from me about OVS having more advanced
>> >> capabilities :)
>> >>
>> >> > It also provides a linux-bridge compatibility layer (ovs-brcompatd
>> >> > [1]), which should work out-of-box with the linux-bridge. As such,
>> >> > switching to using OVS rather than the linux bridge could be done
>> >> > without any code changes to nova, just deployment changes (e.g.
>> ensure
>> >> > that ovs-brcompatd is running to intercept brctl ioctl's - [2]).
>> >>
>> >> Using ovs-brcompatd would be possible, though some distros do not
>> >> package and run it by default and in general it is not the "preferred"
>> >> way to run things according to email on the OVS mailing list.
>> >>
>> >> >
>> >> > For the more adventurous, there could be any number of interesting
>> >> > scenarios enabled by having access to ovs capabilities  (e.g.
>> >> > tunneling)
>> >>
>> >> Tunneling is definitely a huge benefit of OVS, but you still need
>> >> someone to setup the tunnels and direct packets into them correctly.
>> >> That's is exactly what the Quantum OVS plugin does and it is
>> >> completely open source and freely available, so if people want to
>> >> experiment with OVS tunneling, using Quantum would seem like the
>> >> obvious way to do this.
>> >>
>> >> Dan
>> >>
>> >>
>> >> --
>> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> >> Dan Wendlandt
>> >> Nicira, Inc: www.nicira.com
>> >> twitter: danwendlandt
>> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> >>
>> >> _______________________________________________
>> >> OpenStack-dev mailing list
>> >> OpenStack-dev at lists.openstack.org
>> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>> >
>> >
>> >
>> > _______________________________________________
>> > OpenStack-dev mailing list
>> > OpenStack-dev at lists.openstack.org
>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>> >
>>
>>
>>
>> --
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Dan Wendlandt
>> Nicira, Inc: www.nicira.com
>> twitter: danwendlandt
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20120914/b0bfd56d/attachment.html>

More information about the OpenStack-dev mailing list