> Yes, I see also that. That's why I would like to see performance.
> But it seems that only the first packet of a flow is going to the controller.
>
> (But I don't know what is the size of a flow? How many packets?)

AFAIK we do not need to use a controller - we just set up the flow table statically using ovs-ofctl.

> >>Some recent OVS addition allows at least to match tcp_flags, but this
> >>is not comparable with real (iptables) connection tracking. I will do
> >>further tests.
>
> Yes, this is also discussed here:
> https://wiki.openstack.org/wiki/Neutron/blueprint_ovs-firewall-driver
>
> "My preferred implementation is 'stateless ACLs with tcp_flags=ack' to emulate
> stateful behavior (at least in TCP) because reflexive learning is not as
> performant."

I will try to set up a test script for that.

_______________________________________________
pve-devel mailing list
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
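
The difference between the quoted "stateless ACLs with tcp_flags=ack" approach and real connection tracking, as an added sketch that is not part of the original mail and is not OVS or Proxmox code. It assumes a policy where the guest may open connections outbound and only replies are allowed inbound; the addresses, ports and the `Pkt`, `stateless_acl` and `ConnTrack` names are constructed for illustration.

```python
from dataclasses import dataclass

GUEST = "10.0.0.5"  # constructed guest address (assumption)

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the segment

def stateless_acl(pkt: Pkt) -> bool:
    """Per-packet rule: guest may send anything; inbound needs ACK set."""
    return pkt.src == GUEST or "ACK" in pkt.flags

class ConnTrack:
    """Minimal tracker: inbound is allowed only for flows the guest opened."""
    def __init__(self) -> None:
        self.flows = set()

    def allow(self, pkt: Pkt) -> bool:
        if pkt.src == GUEST:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def f(*names):
    return frozenset(names)

# Constructed sample traffic, not a capture.
SAMPLES = [
    ("guest opens connection", Pkt(GUEST, 40000, "192.0.2.10", 443, f("SYN"))),
    ("server reply", Pkt("192.0.2.10", 443, GUEST, 40000, f("SYN", "ACK"))),
    ("unsolicited inbound SYN", Pkt("198.51.100.7", 5555, GUEST, 22, f("SYN"))),
    ("unsolicited inbound ACK", Pkt("198.51.100.7", 5555, GUEST, 22, f("ACK"))),
]

def compare():
    """Return (label, stateless verdict, conntrack verdict) per sample."""
    ct = ConnTrack()
    return [(label, stateless_acl(p), ct.allow(p)) for label, p in SAMPLES]

if __name__ == "__main__":
    for label, acl, ct in compare():
        print(f"{label:26} stateless={acl!s:5} conntrack={ct}")
```

The two models agree on the first three rows and differ only on the last: a segment with ACK set that belongs to no connection passes the per-packet rule, while the tracker drops it.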
