On Thu, 27 Jul 2023 at 20:52, Francois wrote:
>
> Hello!
> Our use case is to have fine grained policies for egress traffic, and there
> are existing products implementing this filtering using DNS names (the NGFW
> firewalls doing L7 filtering).
> As basically all the traffic i
Hello!
we use OVN through OVN-Kubernetes. OVN-Kubernetes provides an
"EgressFirewall" custom resource that complements Kubernetes NetworkPolicies
and allows to define ACL using DNS names.
OVN-Kubernetes resolves (soon with the help of CoreDNS) the names defined in
the resources, then installs the
On Fri, 2 Dec 2022 at 08:01, Ales Musil wrote:
>
>
> On Fri, Dec 2, 2022 at 7:57 AM Francois via discuss <
> ovs-discuss@openvswitch.org> wrote:
>
>> Greetings
>> We run ovs 2.17 on our stacks, and we use ovn through OVN-Kubernetes
>>
>> I notice that
Greetings
We run ovs 2.17 on our stacks, and we use ovn through OVN-Kubernetes
I notice that when tracing a flow that goes through an ovn
loadbalancer, I get a "no live bucket" message, and ofproto/trace does
not give the full trace of the packet:
ovs-appctl ofproto/trace br-int
in_port=27,dl_dst
a plan to rewrite ovn-controller in ddlog, but it is more
> complex than northd and there are different options moving forward, and the
> timeline is even less clear.
>
> Thanks,
> Han
Thanks!
Francois
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
On Tue, 4 May 2021 at 17:03, Numan Siddique wrote:
>
> On Sat, May 1, 2021 at 6:32 AM Francois wrote:
> >
> > Hi Open vSwitch
> > I am running an OVN stack with a dozen chassis, all of them able to
> > act as gateways.
> > I have many VMs without floating I
is NULL and is dereferenced a few lines below.
ovn d41a337fe3b608a8f90de8722d148344011f0bd8 (from 12APR)
(for the record, the actual command I am running now is
ovs-vsctl remove open . external-ids ovn-chassis-mac-mappings
)
Regards
Francois
___
discuss mai
details of ddlog and the syntax of flows, I
would love to get some feedback on the idea, maybe there is something
fundamentally broken with my design, or maybe there is a smarter way
to achieve this?
Thanks
Francois
___
discuss mailing list
disc...@openvswitch
chassis in the group or returning true (when a_ch_grp->n_ha_chassis == 2)
above.
I don't think practically anyone would run with only 2 chassis acting as gateway
though!
Thanks
Francois
___
discuss mailing list
disc...@openvswitch.org
https://
On Tue, 27 Apr 2021 at 23:08, Numan Siddique wrote:
>
> On Tue, Apr 27, 2021 at 4:58 PM Francois wrote:
> >
> > On Tue, 27 Apr 2021 at 22:20, Numan Siddique wrote:
> > >
> > > On Tue, Apr 27, 2021 at 9:11 AM Francois
> > > wrote:
> > > &g
On Tue, 27 Apr 2021 at 22:20, Numan Siddique wrote:
>
> On Tue, Apr 27, 2021 at 9:11 AM Francois wrote:
> >
> The ovn-controller running on chassis-1 will not detect the BFD failover.
Thanks for your answer! Ok for chassis-1.
What I don't understand is why chassis-2, who i
Hello OpenvSwitch!
I have 2 chassis with external connectivity, chassis-1 hosts port-1
and chassis-2 hosts port-2. SNAT is done through a gateway hosted on
chassis-1, and both chassis exchange BFD. There is no floating IP.
I see chassis-1 does not have any flow for tunnelling, which is logic
since
12 matches
Mail list logo
