Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-03-03 Thread Ben Pfaff
On Tue, Mar 03, 2015 at 09:53:23AM +0100, Miguel Ángel Ajo wrote: > https://review.openstack.org/#/c/159840/1/doc/source/testing/openflow-firewall.rst > > > I may need some help from the OVS experts to answer the questions from > henry.hly. > > Ben, Thomas, could you please? (let me know if

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-03-03 Thread Miguel Ángel Ajo
https://review.openstack.org/#/c/159840/1/doc/source/testing/openflow-firewall.rst I may need some help from the OVS experts to answer the questions from henry.hly. Ben, Thomas, could you please? (let me know if you are not registered to the openstack review system, I could answer in your na

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-27 Thread Miguel Ángel Ajo
Ok, I moved the document here [1], and I will eventually submit another patch with the testing scripts when those are ready. Let’s move the discussion to the review! Best, Miguel Ángel Ajo [1] https://review.openstack.org/#/c/159840/ On Friday, 27 February 2015 at 7:03, Kevin Benton wro

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-26 Thread Kevin Benton
Sounds promising. We'll have to evaluate it for feature parity when the time comes. On Thu, Feb 26, 2015 at 8:21 PM, Ben Pfaff wrote: > This sounds quite similar to the planned support in OVN to "gateway" a > logical network to a particular VLAN on a physical port, so perhaps it > will be suffic

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-26 Thread Ben Pfaff
This sounds quite similar to the planned support in OVN to "gateway" a logical network to a particular VLAN on a physical port, so perhaps it will be sufficient. On Thu, Feb 26, 2015 at 05:58:40PM -0800, Kevin Benton wrote: > If a port is bound with a VLAN segmentation type, it will get a VLAN id

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-26 Thread Kevin Benton
If a port is bound with a VLAN segmentation type, it will get a VLAN id and a name of a physical network that it corresponds to. In the current plugin, each agent is configured with a mapping between physical networks and OVS bridges. The agent takes the bound port information and sets up rules to

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-26 Thread Ben Pfaff
What kind of VLAN support would you need? On Thu, Feb 26, 2015 at 02:05:41PM -0800, Kevin Benton wrote: > If OVN chooses not to support VLANs, we will still need the current OVS > reference anyway so it definitely won't be wasted work. > > On Thu, Feb 26, 2015 at 2:56 AM, Miguel Angel Ajo Pelayo

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-26 Thread Kevin Benton
If OVN chooses not to support VLANs, we will still need the current OVS reference anyway so it definitely won't be wasted work. On Thu, Feb 26, 2015 at 2:56 AM, Miguel Angel Ajo Pelayo < majop...@redhat.com> wrote: > > Sharing thoughts that I was having: > > Maybe during the next summit it’s wor

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-26 Thread Miguel Angel Ajo Pelayo
Sharing thoughts that I was having: Maybe during the next summit it’s worth discussing the future of the reference agent(s), I feel we’ll be replicating a lot of work across OVN/OVS/RYU(ofagent) and maybe other plugins, I guess until OVN and its integration are ready we can’t stop, so it ma

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-25 Thread Miguel Ángel Ajo
On Thursday, 26 February 2015 at 7:48, Miguel Ángel Ajo wrote: > Inline comments follow after this, but I wanted to respond to Brian's question > which has been cut out: > > We’re talking here of doing a preliminary analysis of the networking > performance, > before writing any real code at

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-25 Thread Ben Pfaff
On Thu, Feb 26, 2015 at 07:48:51AM +0100, Miguel Ángel Ajo wrote: > Also, ipset groups can be moved into conjunctive groups in OF (thanks Ben > Pfaff for the > explanation, if you’re reading this ;-)) You're welcome.

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-25 Thread Miguel Ángel Ajo
Inline comments follow after this, but I wanted to respond to Brian's question which has been cut out: We’re talking here of doing a preliminary analysis of the networking performance, before writing any real code at neutron level. If that looks right, then we should go into a preliminary (and ort

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-25 Thread Tapio Tallgren
Hi, The RFC2544 with near zero packet loss is a pretty standard performance benchmark. It is also used in the OPNFV project ( https://wiki.opnfv.org/characterize_vswitch_performance_for_telco_nfv_use_cases ). Does this mean that OpenStack will have stateful firewalls (or security groups)? Any oth

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-25 Thread Rick Jones
On 02/25/2015 05:52 AM, Miguel Ángel Ajo wrote: I’m writing a plan/script to benchmark OVS+OF(CT) vs OVS+LB+iptables+ipsets, so we can make sure there’s a real difference before jumping into any OpenFlow security group filters when we have connection tracking in OVS. The plan is to keep all of i

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-25 Thread Brian Haley
On 02/25/2015 08:52 AM, Miguel Ángel Ajo wrote: > I’m writing a plan/script to benchmark OVS+OF(CT) vs OVS+LB+iptables+ipsets, > so we can make sure there’s a real difference before jumping into any > OpenFlow security group filters when we have connection tracking in OVS. > > The plan is to keep

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-25 Thread Kyle Mestery
On Wed, Feb 25, 2015 at 8:49 AM, Miguel Ángel Ajo wrote: > On Wednesday, 25 February 2015 at 15:38, Kyle Mestery wrote: > > On Wed, Feb 25, 2015 at 7:52 AM, Miguel Ángel Ajo > wrote: > > I’m writing a plan/script to benchmark OVS+OF(CT) vs > OVS+LB+iptables+ipsets, > so we can make sure t

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-25 Thread Miguel Ángel Ajo
On Wednesday, 25 February 2015 at 15:38, Kyle Mestery wrote: > On Wed, Feb 25, 2015 at 7:52 AM, Miguel Ángel Ajo wrote: > > I’m writing a plan/script to benchmark OVS+OF(CT) vs > > OVS+LB+iptables+ipsets, > > so we can make sure there’s a real difference befo

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-25 Thread Kyle Mestery
On Wed, Feb 25, 2015 at 7:52 AM, Miguel Ángel Ajo wrote: > I’m writing a plan/script to benchmark OVS+OF(CT) vs > OVS+LB+iptables+ipsets, > so we can make sure there’s a real difference before jumping into any > OpenFlow security group filters when we have connection tracking in OVS. > > The pla

[openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-25 Thread Miguel Ángel Ajo
I’m writing a plan/script to benchmark OVS+OF(CT) vs OVS+LB+iptables+ipsets, so we can make sure there’s a real difference before jumping into any OpenFlow security group filters when we have connection tracking in OVS. The plan is to keep all of it in a single multicore host, and make all the