[openstack-dev] [neutron] what is the different between ovs-ofctl and iptalbes? Can we use ovs-ofctl to nat floating ip into fixed ip if we use openvswitch agent?
Baohua Yang
yangbaohua at gmail.com
Tue Nov 4 08:30:58 UTC 2014
As I remember, ovs does not support binding-on veth rules.
Hence now we might need tools like iptables.
However, this might change in future.
As to the l3 part, should be handled in more efficient way, e.g., NFV.
On Tue, Nov 4, 2014 at 2:29 PM, loy wolfe <loywolfe at gmail.com> wrote:
> maybe two reasons: performance caused by flow miss; feature parity
>
> L3+ flow table destroy the megaflow aggregation, so if your app has
> many concurrent sessions like web server, flow miss upcall would make
> vswitchd corrupted.
>
> iptable is already there, migrating it to ovs flow table needs a lot
> of extra development, not to say that some advanced features is lost
> (for example, stateful firewall). However ovs is considering to add
> some hook to iptable, but in the very early stage yet. Even with that,
> it is not implemented by ovs datapath flowtable, but by iptable.
>
> On Tue, Nov 4, 2014 at 1:07 PM, Li Tianqing <jazeltq at 163.com> wrote:
> > ovs is implemented open flow, in ovs, it can see the l3, why do not use
> ovs?
> >
> > --
> > Best
> > Li Tianqing
> >
> > At 2014-11-04 11:55:46, "Damon Wang" <damon.devops at gmail.com> wrote:
> >
> > Hi,
> >
> > OVS mainly focus on l2 which iptables mainly focus on l3 or higher.
> >
> > Damon Wang
> >
> > 2014-11-04 11:12 GMT+08:00 Li Tianqing <jazeltq at 163.com>:
> >>
> >>
> >>
> >>
> >>
> >>
> >> --
> >> Best
> >> Li Tianqing
> >>
> >>
> >>
> >> _______________________________________________
> >> OpenStack-dev mailing list
> >> OpenStack-dev at lists.openstack.org
> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >>
> >
> >
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
--
Best wishes!
Baohua
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141104/54a1aadf/attachment.html>
More information about the OpenStack-dev
mailing list