Refer the xena release notes of neutron here. https://docs.openstack.org/releasenotes/neutron/unreleased.html
Ammad On Sat, Sep 11, 2021 at 7:45 AM Satish Patel <satish....@gmail.com> wrote: > Thank you for reply, > > That does make sense, if xena has support then i can wait for it, I > believe it's about to release. > > On Fri, Sep 10, 2021 at 10:29 PM Ammad Syed <syedamma...@gmail.com> wrote: > > > > I think stateless acl with ovn backend is currently not supported in > openstack. The feature is planned and will be available in next openstack > release i.e xena. > > > > Ammad > > On Sat, Sep 11, 2021 at 1:23 AM Satish Patel <satish....@gmail.com> > wrote: > >> > >> Thank you, i am trying the following but look like it doesn't like it, > >> Openstack Doc saying it should work. (i am running latest openstack) > >> > >> # openstack security group create --stateless foo_sg > >> Error while executing command: BadRequestException: 400, Unrecognized > >> attribute(s) 'stateful' > >> > >> On Fri, Sep 10, 2021 at 4:05 PM Odintsov Vladislav <vlodint...@croc.ru> > wrote: > >> > > >> > I’m not an openstack user, so leave this question to somebody > >> > from openstack guys. > >> > > >> > Regards, > >> > Vladislav Odintsov > >> > > >> > On 10 Sep 2021, at 23:00, Satish Patel <satish....@gmail.com> wrote: > >> > > >> > Thank you for your reply, > >> > > >> > Glad to know there is a workaround, i am little noob to OVN, could you > >> > explain how to set higher priority ACL using "openstack security group > >> > rule" command, because most of my users using terrafrom to deploy vms > >> > and play with security-group and how do i tell allow-stateless when > >> > create group using openstack clients? > >> > > >> > On Fri, Sep 10, 2021 at 3:54 PM Odintsov Vladislav < > vlodint...@croc.ru> wrote: > >> > > >> > > >> > Hi, > >> > > >> > with OVN 21.06+ you can create overriding ACLs with higher priority > >> > than you currently have, with special "allow-stateless" verb, which > ensures > >> > packets bypassing conntrack. > >> > > >> > Regards, > >> > Vladislav Odintsov > >> > > >> > On 10 Sep 2021, at 22:49, Satish Patel <satish....@gmail.com> wrote: > >> > > >> > Folk, > >> > > >> > We are a large shop of UDP applications so trying to find a way to > >> > disable the conntrack for the entire UDP protocol stack, I did google > >> > and dig into some ovn documentation but did not find any workaround > >> > which allows disabling a conntrack on UDP protocol. > >> > > >> > Or another option i was thinking of is to disable ACL in OVS entirely > >> > and then i will use iptables on vm because that way i can disable > >> > conntrack using iptables. > >> > > >> > Anyone have any idea what to do if possible? > >> > _______________________________________________ > >> > discuss mailing list > >> > disc...@openvswitch.org > >> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss > >> > > >> > > >> > > >> _______________________________________________ > >> discuss mailing list > >> disc...@openvswitch.org > >> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss > > > > -- > > Regards, > > > > > > Syed Ammad Ali > -- Regards, Syed Ammad Ali
_______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss