<div dir="ltr">Hi Tapio,<div><br></div><div>This is an improvement in the lower implementation layer where to support security groups, previously, we needed to have both OVS and linux bridges. With an improvement in OVS, this can be avoided and we will only need OVS bridge. This does not affect the user interface to security groups in terms of API nor it is a new functionality from a user point of view. Please see this bug [1] for more details. Hope that clarifies.</div><div><br></div><div>P.S. Here's a link [2], which capture some internals of networking that you might be interested in :-)</div><div><br></div><div>[1] <a href="https://bugs.launchpad.net/neutron/+bug/1461000">https://bugs.launchpad.net/neutron/+bug/1461000</a></div><div>[2] <a href="https://www.rdoproject.org/networking/networking-in-too-much-detail/">https://www.rdoproject.org/networking/networking-in-too-much-detail/</a></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr">Fawad Khaliq<div><br></div></div></div></div>
<br><div class="gmail_quote">On Mon, Nov 23, 2015 at 3:55 PM, Tapio Tallgren <span dir="ltr"><<a href="mailto:tapiotallgren@gmail.com" target="_blank">tapiotallgren@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>Sorry for the stupid question, but how will I use the connection tracking in security groups? Is there an extension to the Neutron API call "add security group rule" that allows for connection tracking, or this for FWaaS only?</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>-Tapio</div></font></span></div><div class="HOEnZb"><div class="h5"><br><div class="gmail_quote"><div dir="ltr">On Mon, Nov 23, 2015 at 12:39 PM Fawad Khaliq <<a href="mailto:fawad@plumgrid.com" target="_blank">fawad@plumgrid.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Mon, Nov 23, 2015 at 3:08 PM, Jakub Libosvar <span dir="ltr"><<a href="mailto:jlibosva@redhat.com" target="_blank">jlibosva@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span>On 11/22/2015 07:28 PM, Gal Sagie wrote:<br>
> Hi Fawad,<br>
><br>
> From what i could understand from Miguel Angel Ajo, someone is working<br>
> on this integration and it<br>
> is suppose to be delivered as part of Mitaka.<br>
> I don't remember the person name, Miguel will sure update shortly.<br>
><br>
> Gal.<br>
<br>
</span>Hi Fawad, Gal,<br>
<br>
I'm the person working on ovs firewall. There is reported an rfe bug [1]<br>
to tracking it.<br></blockquote><div> </div></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>Hi Kuba,</div><div><br></div><div>Great. We (Kuryr team) wanted insight into the plans for this support. Thanks for the note and link to the bug. I think we are all set to take the discussions further. </div></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div> </div><div>Fawad</div></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
Kuba<br>
<br>
[1] <a href="https://bugs.launchpad.net/neutron/+bug/1461000" rel="noreferrer" target="_blank">https://bugs.launchpad.net/neutron/+bug/1461000</a><br>
<span>><br>
> On Sun, Nov 22, 2015 at 7:05 PM, Fawad Khaliq <<a href="mailto:fawad@plumgrid.com" target="_blank">fawad@plumgrid.com</a><br>
</span><span>> <mailto:<a href="mailto:fawad@plumgrid.com" target="_blank">fawad@plumgrid.com</a>>> wrote:<br>
><br>
> Folks,<br>
><br>
> Is there a plan to add conntrack support to the security groups for<br>
> the OVS driver in Mitaka cycle?<br>
><br>
> My understanding is that it is being actively worked on for<br>
> networking-ovn but no concrete plan for support in the OVS Neutron<br>
> driver yet.<br>
><br>
> Thanks,<br>
> Fawad Khaliq<br>
><br>
><br>
> __________________________________________________________________________<br>
> OpenStack Development Mailing List (not for usage questions)<br>
> Unsubscribe:<br>
> <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
</span>> <<a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a>><br>
<div><div>> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
><br>
><br>
><br>
><br>
> --<br>
> Best Regards ,<br>
><br>
> The G.<br>
><br>
><br>
> __________________________________________________________________________<br>
> OpenStack Development Mailing List (not for usage questions)<br>
> Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
><br>
<br>
<br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</div></div></blockquote></div></div></div>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</blockquote></div>
</div></div><br>__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div>