[openstack-dev] [Neutron] Security Groups OVS conntrack support

Fawad Khaliq fawad at plumgrid.com
Mon Nov 23 11:03:31 UTC 2015


Hi Tapio,

This is an improvement in the lower implementation layer: previously, to
support security groups, we needed to have both OVS and Linux bridges.
With an improvement in OVS, this can be avoided and we will only need the OVS
bridge. This does not affect the user interface to security groups in terms
of the API, nor is it new functionality from a user's point of view. Please see
this bug [1] for more details. Hope that clarifies.

P.S. Here's a link [2], which captures some internals of networking that you
might be interested in :-)

[1] https://bugs.launchpad.net/neutron/+bug/1461000
[2] https://www.rdoproject.org/networking/networking-in-too-much-detail/

Fawad Khaliq


On Mon, Nov 23, 2015 at 3:55 PM, Tapio Tallgren <tapiotallgren at gmail.com>
wrote:

> Hi,
>
> Sorry for the stupid question, but how will I use the connection tracking
> in security groups? Is there an extension to the Neutron API call "add
> security group rule" that allows for connection tracking, or is this for
> FWaaS only?
>
> -Tapio
>
> On Mon, Nov 23, 2015 at 12:39 PM Fawad Khaliq <fawad at plumgrid.com> wrote:
>
>> On Mon, Nov 23, 2015 at 3:08 PM, Jakub Libosvar <jlibosva at redhat.com>
>> wrote:
>>
>>> On 11/22/2015 07:28 PM, Gal Sagie wrote:
>>> > Hi Fawad,
>>> >
>>> > From what I could understand from Miguel Angel Ajo, someone is working
>>> > on this integration and it
>>> > is supposed to be delivered as part of Mitaka.
>>> > I don't remember the person's name, Miguel will surely update shortly.
>>> >
>>> > Gal.
>>>
>>> Hi Fawad, Gal,
>>>
>>> I'm the person working on the OVS firewall. There is an RFE bug [1]
>>> reported to track it.
>>>
>>
>> Hi Kuba,
>>
>> Great. We (Kuryr team) wanted insight into the plans for this support.
>> Thanks for the note and link to the bug. I think we are all set to take the
>> discussions further.
>>
>> Fawad
>>
>>
>>> Kuba
>>>
>>> [1] https://bugs.launchpad.net/neutron/+bug/1461000
>>> >
>>> > On Sun, Nov 22, 2015 at 7:05 PM, Fawad Khaliq <fawad at plumgrid.com> wrote:
>>> >
>>> >     Folks,
>>> >
>>> >     Is there a plan to add conntrack support to the security groups for
>>> >     the OVS driver in Mitaka cycle?
>>> >
>>> >     My understanding is that it is being actively worked on for
>>> >     networking-ovn but no concrete plan for support in the OVS Neutron
>>> >     driver yet.
>>> >
>>> >     Thanks,
>>> >     Fawad Khaliq
>>> >
>>> >
>>> >
>>>  __________________________________________________________________________
>>> >     OpenStack Development Mailing List (not for usage questions)
>>> >     Unsubscribe:
>>> >     OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>>> >     <
>>> http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
>>> >     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Best Regards,
>>> >
>>> > The G.
>>> >
>>> >
>>> >
>>> >
>>>
>>>
>>>
>>>
>>
>
>
>