[openstack-dev] [ovs] [neutron] openvswitch flows firewall driver
Tobias Urdin
tobias.urdin at crystone.com
Mon Jun 11 03:20:47 UTC 2018
Hello everybody,
I'm cross-posting this with operators list.
The openvswitch flows-based stateful firewall driver which uses the
conntrack support in Linux kernel >= 4.3 (iirc) has been
marked as experimental for several releases now, is there any
information about flaws in this and why it should not be used in production?
It's still marked as experimental or missing documentation in the
networking guide [1].
And to operators; is anybody running the OVS stateful firewall in
production? (firewall_driver = openvswitch)
Appreciate any feedback :)
Best regards
[1] https://docs.openstack.org/neutron/queens/admin/config-ovsfwdriver.html
More information about the OpenStack-dev
mailing list