[OpenvSwitch][Neutron] native flow based firewall Vs LinuxBridge Iptables firewall
Satish Patel
satish.txt at gmail.com
Mon Apr 24 17:32:44 UTC 2023
Thanks, I'll check it out.
This is great! so no harm to turn it on :)
On Mon, Apr 24, 2023 at 2:49 AM Lajos Katona <katonalala at gmail.com> wrote:
> H,
> The OVS flow based Neutron firewall driver is long supported by the
> community and used by many operators in production, please check the
> documentation:
> https://docs.openstack.org/neutron/latest/admin/config-ovsfwdriver.html
>
> For some details how it works please check the related internals doc:
>
> https://docs.openstack.org/neutron/latest/contributor/internals/openvswitch_firewall.html
>
> Best wished
> Lajos (lajoskatona)
>
> Satish Patel <satish.txt at gmail.com> ezt írta (időpont: 2023. ápr. 24., H,
> 3:40):
>
>> Folks,
>>
>> As we know, openvswitch uses a linuxbridge based firewall to implement
>> security-groups on openstack. It works great but it has so many packet
>> hops. It also makes troubleshooting a little complicated.
>>
>> OpenvSwitch does support native firewall features in flows, Does it
>> mature enough to implement in production and replace it with LinuxBridge
>> based IPtables firewall?
>>
>> ~S
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230424/f78bc2f0/attachment.htm>
More information about the openstack-discuss
mailing list