Hi Satish,

I just tested the openvswitch firewall driver. It is looking good, I mean no errors after the change, but we need to configure live migration like this:

----------------- neutron.conf -----------------
[nova]
live_migration_events = True
------------------------------------------------

----------------- nova.conf -----------------
[DEFAULT]
vif_plugging_timeout = 600
vif_plugging_is_fatal = true
debug = True

[compute]
live_migration_wait_for_vif_plug = True

[workarounds]
enable_qemu_monitor_announce_self = True

----------------- openvswitch_agent.ini -----------------
[securitygroup]
firewall_driver = openvswitch

[ovs]
openflow_processed_per_port = true

These configs are from the OpenStack community. You can refer to the docs.

With the native firewall backend you must set "live_migration_events = True"; without it, some instances cannot ping (you need to log in via console to wake up these instances) after live migration. You can test this.

I am planning to test like https://thesaitech.wordpress.com/2019/02/15/a-comparative-study-of-openstack... to see what benefit OVS with the native backend will bring to us.

Nguyen Huu Khoi

On Tue, Aug 1, 2023 at 11:30 PM Satish Patel <satish.txt@gmail.com> wrote:
Folks,
Who is running the OVS firewall driver (firewall_driver = openvswitch) in production and are there any issues with running it which I may not be aware of? We are not yet ready for OVN deployments so have to stick with OVS.
LinuxBridge is at the end of its life, and we are trying to get rid of any dependency.

[securitygroup]
firewall_driver = openvswitch