Hi Tapio, This is an improvement in the lower implementation layer where to support security groups, previously, we needed to have both OVS and linux bridges. With an improvement in OVS, this can be avoided and we will only need OVS bridge. This does not affect the user interface to security groups in terms of API nor it is a new functionality from a user point of view. Please see this bug [1] for more details. Hope that clarifies.
P.S. Here's a link [2], which capture some internals of networking that you might be interested in :-) [1] https://bugs.launchpad.net/neutron/+bug/1461000 [2] https://www.rdoproject.org/networking/networking-in-too-much-detail/ Fawad Khaliq On Mon, Nov 23, 2015 at 3:55 PM, Tapio Tallgren <tapiotallg...@gmail.com> wrote: > Hi, > > Sorry for the stupid question, but how will I use the connection tracking > in security groups? Is there an extension to the Neutron API call "add > security group rule" that allows for connection tracking, or this for FWaaS > only? > > -Tapio > > On Mon, Nov 23, 2015 at 12:39 PM Fawad Khaliq <fa...@plumgrid.com> wrote: > >> On Mon, Nov 23, 2015 at 3:08 PM, Jakub Libosvar <jlibo...@redhat.com> >> wrote: >> >>> On 11/22/2015 07:28 PM, Gal Sagie wrote: >>> > Hi Fawad, >>> > >>> > From what i could understand from Miguel Angel Ajo, someone is working >>> > on this integration and it >>> > is suppose to be delivered as part of Mitaka. >>> > I don't remember the person name, Miguel will sure update shortly. >>> > >>> > Gal. >>> >>> Hi Fawad, Gal, >>> >>> I'm the person working on ovs firewall. There is reported an rfe bug [1] >>> to tracking it. >>> >> >> Hi Kuba, >> >> Great. We (Kuryr team) wanted insight into the plans for this support. >> Thanks for the note and link to the bug. I think we are all set to take the >> discussions further. >> >> Fawad >> >> >>> Kuba >>> >>> [1] https://bugs.launchpad.net/neutron/+bug/1461000 >>> > >>> > On Sun, Nov 22, 2015 at 7:05 PM, Fawad Khaliq <fa...@plumgrid.com >>> > <mailto:fa...@plumgrid.com>> wrote: >>> > >>> > Folks, >>> > >>> > Is there a plan to add conntrack support to the security groups for >>> > the OVS driver in Mitaka cycle? >>> > >>> > My understanding is that it is being actively worked on for >>> > networking-ovn but no concrete plan for support in the OVS Neutron >>> > driver yet. >>> > >>> > Thanks, >>> > Fawad Khaliq >>> > >>> > >>> > >>> __________________________________________________________________________ >>> > OpenStack Development Mailing List (not for usage questions) >>> > Unsubscribe: >>> > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >>> > < >>> http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe> >>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> > >>> > >>> > >>> > >>> > -- >>> > Best Regards , >>> > >>> > The G. >>> > >>> > >>> > >>> __________________________________________________________________________ >>> > OpenStack Development Mailing List (not for usage questions) >>> > Unsubscribe: >>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> > >>> >>> >>> >>> __________________________________________________________________________ >>> OpenStack Development Mailing List (not for usage questions) >>> Unsubscribe: >>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
