Thanks! I got it now: OpenStack already allows all "related" connections,
and you need connection tracking for that. This was not very clear to me
from the documentation...
-Tapio
On Mon, Nov 23, 2015 at 10:14 PM Russell Bryant wrote:
> On 11/23/2015 02:16 PM, Kevin Benton
Security groups already use connection tracking. It's just done via a linux
bridge right now because the versions of OVS shipped with most distros have
no native conntrack support.
On Mon, Nov 23, 2015 at 2:55 AM, Tapio Tallgren
wrote:
> Hi,
>
> Sorry for the stupid
On 11/23/2015 02:16 PM, Kevin Benton wrote:
> Security groups already use connection tracking. It's just done via a
> linux bridge right now because the versions of OVS shipped with most
> distros have no native conntrack support.
This post discusses it in the context of OVN, but gets down to
On Mon, Nov 23, 2015 at 3:08 PM, Jakub Libosvar wrote:
> On 11/22/2015 07:28 PM, Gal Sagie wrote:
> > Hi Fawad,
> >
> > From what i could understand from Miguel Angel Ajo, someone is working
> > on this integration and it
> > is suppose to be delivered as part of Mitaka.
> >
Hi,
Sorry for the stupid question, but how will I use the connection tracking
in security groups? Is there an extension to the Neutron API call "add
security group rule" that allows for connection tracking, or this for FWaaS
only?
-Tapio
On Mon, Nov 23, 2015 at 12:39 PM Fawad Khaliq
Hi Tapio,
This is an improvement in the lower implementation layer where to support
security groups, previously, we needed to have both OVS and linux bridges.
With an improvement in OVS, this can be avoided and we will only need OVS
bridge. This does not affect the user interface to security
On 11/22/2015 07:28 PM, Gal Sagie wrote:
> Hi Fawad,
>
> From what i could understand from Miguel Angel Ajo, someone is working
> on this integration and it
> is suppose to be delivered as part of Mitaka.
> I don't remember the person name, Miguel will sure update shortly.
>
> Gal.
Hi Fawad,
Hi Gal,
On Sun, Nov 22, 2015 at 11:28 PM, Gal Sagie wrote:
> Hi Fawad,
>
> From what i could understand from Miguel Angel Ajo, someone is working on
> this integration and it
> is suppose to be delivered as part of Mitaka.
> I don't remember the person name, Miguel will
Hi Fawad,
>From what i could understand from Miguel Angel Ajo, someone is working on
this integration and it
is suppose to be delivered as part of Mitaka.
I don't remember the person name, Miguel will sure update shortly.
Gal.
On Sun, Nov 22, 2015 at 7:05 PM, Fawad Khaliq
Folks,
Is there a plan to add conntrack support to the security groups for the OVS
driver in Mitaka cycle?
My understanding is that it is being actively worked on for networking-ovn
but no concrete plan for support in the OVS Neutron driver yet.
Thanks,
Fawad Khaliq
10 matches
Mail list logo