Hi, I use OVS as a firewall and want to log the flow-matching packets.
OVS can use controller action and the OF controller can log receiving packets. This is the neutron OVS-firewall-driver way of implementing security group logging. However, when the performance bar is high, and that's always the case in the firewall market, send-to-controller action causes a lot of load on OVS and the packet parsing side of the controller acts as the bottleneck. How can we log flow matching packets of high pps traffic efficiently? Is it wise to devise custom OVS actions, for example "export" or "log", for this use case? I think it is, but I wonder why nobody has done it yet. Any comments or suggestions will be appreciated. Best regards, Chul-Woong _______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
