On Mon, Jun 30, 2014 at 2:11 PM, Paul Ward <wpward at linux.vnet.ibm.com> wrote: > The current design for ovs-neutron-agent is that it will wipe out all flows > configured on the system when it starts up, recreating them for each neutron > port it's aware of. This has a not-so-desirable side effects that there's a > temporary hiccup in network connectivity for the VMs on the host. > > My questions to the list: Is there a reason it was designed this way (other > than "Everything on the system must be managed by OpenStack")? Is there > ongoing work to address this or would it be a worthwhile contribution from > our side? > This was actually the result of a bug fix in Juno-1 [1]. As reported by the TripleO folks, having the agent default to setting up a "NORMAL" flow added may have allowed for VMs to talk to each other, but it was also a huge security hole. I'm curious what ideas you have around this, though. Thanks, Kyle [1] https://bugs.launchpad.net/tripleo/+bug/1290486 and https://bugs.launchpad.net/neutron/+bug/1324703 > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev