H, The OVS flow based Neutron firewall driver is long supported by the community and used by many operators in production, please check the documentation: https://docs.openstack.org/neutron/latest/admin/config-ovsfwdriver.html For some details how it works please check the related internals doc: https://docs.openstack.org/neutron/latest/contributor/internals/openvswitch_... Best wished Lajos (lajoskatona) Satish Patel <satish.txt@gmail.com> ezt írta (időpont: 2023. ápr. 24., H, 3:40):
Folks,
As we know, openvswitch uses a linuxbridge based firewall to implement security-groups on openstack. It works great but it has so many packet hops. It also makes troubleshooting a little complicated.
OpenvSwitch does support native firewall features in flows, Does it mature enough to implement in production and replace it with LinuxBridge based IPtables firewall?
~S