[openstack-dev] [ovn][neutron] networking-ovn 1.0.0 release (newton) -- port-security

Richard Theis rtheis at us.ibm.com
Wed Oct 12 14:18:57 UTC 2016


Murali R <muralirdev at gmail.com> wrote on 10/11/2016 01:47:24 PM:

> From: Murali R <muralirdev at gmail.com>
> To: "OpenStack Development Mailing List (not for usage questions)" 
> <openstack-dev at lists.openstack.org>, discuss <discuss at openvswitch.org>
> Date: 10/11/2016 01:50 PM
> Subject: [openstack-dev] [ovn][neutron] networking-ovn 1.0.0 release
> (newton) -- port-security
> 
> Hi,
> 
> Please clarify if port security is required to be enabled with 
> newton release when installing OVN. The install.rst says it must be.

Disabling port security should work with networking-ovn. This can be
done via the extension or at a port or network level. OVN acls shouldn't
be created for port with port security disabled.

- Richard

> In many of my use cases I want to disable port security which is how
> I do currently with devstack. I would like to know if either ovn or 
> neutron will have contentions if port-security disabled at neutron 
server.
> 
> Thanks
> Murali
> 
> ---------- Forwarded message ----------
> From: <no-reply at openstack.org>
> Date: Thu, Oct 6, 2016 at 6:21 AM
> Subject: [openstack-announce] [new][neutron] networking-ovn 1.0.0 
> release (newton)
> To: openstack-announce at lists.openstack.org
> 
> 
> We are jazzed to announce the release of:
> 
> networking-ovn 1.0.0: OpenStack Neutron integration with OVN
> 
> This release is part of the newton release series.
> 
> With source available at:
> 
>     http://git.openstack.org/cgit/openstack/networking-ovn
> 
> With package available at:
> 
>     https://pypi.python.org/pypi/networking-ovn
> 
> Please report issues through launchpad:
> 
>     http://bugs.launchpad.net/networking-ovn
> 
> For more details, please see below.
> 
> 1.0.0
> ^^^^^
> 
> New Features
> 
> * Initial release of the OpenStack Networking service (neutron)
>   integration with Open Virtual Network (OVN), a component of the the
>   Open vSwitch (http://openvswitch.org/) project. OVN provides the
>   following features either via native implementation or conventional
>   agents:
> 
>   * Layer-2 (native OVN implementation)
> 
>   * Layer-3 (native OVN implementation or conventional layer-3
>     agent) The native OVN implementation supports distributed routing.
>     However, it currently lacks support for floating IP addresses,
>     NAT, and the metadata proxy.
> 
>   * DHCP (native OVN implementation or conventional DHCP agent) The
>     native implementation supports distributed DHCP. However, it
>     currently lacks support for IPv6, internal DNS, and metadata
>     proxy.
> 
>   * Metadata (conventional metadata agent)
> 
>   * DPDK - Usable with OVS via either the Linux kernel datapath or
>     the DPDK datapath.
> 
>   * Trunk driver - Driver to back the neutron's 'trunk' service
>     plugin
> 
>   The initial release also supports the following Networking service
>   API extensions:
> 
>   * "agent"
> 
>   * "Address Scopes" *
> 
>   * "Allowed Address Pairs"
> 
>   * "Auto Allocated Topology Services"
> 
>   * "Availability Zone"
> 
>   * "Default Subnetpools"
> 
>   * "DHCP Agent Scheduler" **
> 
>   * "Distributed Virtual Router" *
> 
>   * "DNS Integration" *
> 
>   * "HA Router extension" *
> 
>   * "L3 Agent Scheduler" *
> 
>   * "Network Availability Zone" **
> 
>   * "Network IP Availability"
> 
>   * "Neutron external network"
> 
>   * "Neutron Extra DHCP opts"
> 
>   * "Neutron Extra Route"
> 
>   * "Neutron L3 Configurable external gateway mode" *
> 
>   * "Neutron L3 Router"
> 
>   * "Network MTU"
> 
>   * "Port Binding"
> 
>   * "Port Security"
> 
>   * "Provider Network"
> 
>   * "Quality of Service"
> 
>   * "Quota management support"
> 
>   * "RBAC Policies"
> 
>   * "Resource revision numbers"
> 
>   * "Router Availability Zone" *
> 
>   * "security-group"
> 
>   * "standard-attr-description"
> 
>   * "Subnet Allocation"
> 
>   * "Tag support"
> 
>   * "Time Stamp Fields"
> 
>   (*) Only applicable if using the conventional layer-3 agent.
> 
>   (**) Only applicable if using the conventional DHCP agent.
> 
> Changes in networking-ovn 1.0.0.0rc1..1.0.0
> -------------------------------------------
> 
> 16ab14c Fix for vtep port
> 8721389 Fix test waiting for ovn-northd to start
> cc52860 Update port provisioning block registration
> faaa45e Updated from global requirements
> 1335653 Update .gitreview for stable/newton
> 
> 
> Diffstat (except docs and test files)
> -------------------------------------
> 
> .gitreview                                        |  1 +
> devstack/lib/networking-ovn                       |  2 +-
> networking_ovn/common/constants.py                |  4 +-
> networking_ovn/ml2/mech_driver.py                 | 42 +++++++++-----
> requirements.txt                                  |  2 +-
> 7 files changed, 119 insertions(+), 32 deletions(-)
> 
> 
> Requirements updates
> --------------------
> 
> diff --git a/requirements.txt b/requirements.txt
> index 2650d84..5fc068d 100644
> --- a/requirements.txt
> +++ b/requirements.txt
> @@ -5 +5 @@
> -netaddr!=0.7.16,>=0.7.12 # BSD
> +netaddr!=0.7.16,>=0.7.13 # BSD
> 
> 
> 
> _______________________________________________
> OpenStack-announce mailing list
> OpenStack-announce at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-announce
> 
__________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: 
OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161012/afd3598f/attachment.html>


More information about the OpenStack-dev mailing list