Open Stack

Hi Belmiro,

The Neutron team is fully cognizant that we have operators large and small
using Linuxbridge. No decision will be made without involving you

Regards

On Thu, Nov 14, 2019 at 3:59 AM Belmiro Moreira <
moreira.belmiro.email.lists at gmail.com> wrote:

> Hi,
> Akihiro, thanks for you summary.
>
> We use the linuxbridge driver because its simplicity and the match with
> the old nova-network schema (yes, are we still migrating).
>
> The functionality gap between ovs driver and linuxbridge is a good think
> in my view.
> It allows operators to chose the best solution considering their
> deployment use case and scale.
>
> Slawek, Miguel please keep us in the discussions.
>
> Belmiro
> CERN
>
>
> On Wed, Nov 13, 2019 at 7:22 PM Sean Mooney <smooney at redhat.com> wrote:
>
>> On Tue, 2019-11-12 at 14:53 +0100, Slawek Kaplonski wrote:
>> > Stateless security groups
>> > =========================
>> >
>> > Old RFE [21] was approved for neutron-fwaas project but we all agreed
>> that this
>> > should be now implemented for security groups in core Neutron.
>> > People from Nuage are interested in work on this in upstream.
>> > We should probably also explore how easy/hard it will be to implement
>> it in
>> > networking-ovn backend.
>>
>> for what its worth we implemented this 4 years ago and it was breifly
>> used in production trial deployment
>> in a telco deployment but i dont think it ever went to full production as
>> they went wtih sriov instead
>> https://review.opendev.org/#/c/264131/ as part of this RFE
>> https://bugs.launchpad.net/neutron/+bug/1531205 which was
>> closed as wont fix
>> https://bugs.launchpad.net/neutron/+bug/1531205/comments/14
>> as it was view that this was not the correct long term direction for the
>> community.
>> this is the summit presentation for austin for anyone that does not
>> rememebr this effort
>>
>>
>> https://www.openstack.org/videos/summits/austin-2016/tired-of-iptables-based-security-groups-heres-how-to-gain-tremendous-speed-with-open-vswitch-instead
>>
>> im not sure how the new proposal differeres form our previous proposal
>> for the same
>> feautre but the main pushback we got was that the securtiy group api is
>> assumed to be stateful
>> and that is why this was rejected. form our mesurments at the time we
>> expected the stateless approch
>> to scale better then contrack driver so it woudl be nice to see a
>> stateless approch avialable.
>> i never got around to deleteing our implemenation form
>> networking-ovs-dpdk
>>
>> https://opendev.org/x/networking-ovs-dpdk/src/branch/master/networking_ovs_dpdk/agent/ovs_dpdk_firewall.py
>> but i has not been tested our updated really for the last 2 years but it
>> could be used as a basis of this effort
>> if nuage does not have a poc already.
>>
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20191114/bd8c7948/attachment-0001.html>