[openstack-dev] [ovs] [neutron] openvswitch flows firewall driver

Slawomir Kaplonski skaplons at redhat.com
Mon Jun 11 13:23:02 UTC 2018


Hi,

I’m not sure about Queens but recently with [1] we switched default security group driver in devstack to „openvswitch”.
Since at least month we have scenario gate job with this SG driver running as voting and gating.
Currently, after switch devstack default driver to openvswitch it’s tested in many jobs in Neutron.

[1] https://review.openstack.org/#/c/568297/

> Wiadomość napisana przez Tobias Urdin <tobias.urdin at crystone.com> w dniu 11.06.2018, o godz. 05:20:
> 
> Hello everybody,
> I'm cross-posting this with operators list.
> 
> The openvswitch flows-based stateful firewall driver which uses the
> conntrack support in Linux kernel >= 4.3 (iirc) has been
> marked as experimental for several releases now, is there any
> information about flaws in this and why it should not be used in production?
> 
> It's still marked as experimental or missing documentation in the
> networking guide [1].
> 
> And to operators; is anybody running the OVS stateful firewall in
> production? (firewall_driver = openvswitch)
> 
> Appreciate any feedback :)
> Best regards
> 
> [1] https://docs.openstack.org/neutron/queens/admin/config-ovsfwdriver.html
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

— 
Slawek Kaplonski
Senior software engineer
Red Hat




More information about the OpenStack-dev mailing list