On Oct 27, 2014, at 12:13 AM, Kumar, Ram <[email protected]> wrote:
>
> Any plans (or some work being done) on implementing a stateful firewall with
> ovs?

Yes, we're looking at leveraging some of the kernel infrastructure for this.
For example, this patch introduces support for the conntrack module, which can
be used to implement a firewall using flows:

http://openvswitch.org/pipermail/dev/2014-September/045832.html

Here is an RFC for NAT support:

http://openvswitch.org/pipermail/dev/2014-September/046411.html

I expect conntrack support to be added in the next month or two. NAT will be a
bit further out. We've also talked about using IPVS for load-balancing and
adding basic DPI support. There will be a few talks at the forthcoming OVS
Conference in November:

http://www.eventbrite.com/e/open-vswitch-fall-2014-conference-tickets-13167922611

> Would the backend, if being planned, use iptables/kernel infrastructure?

We are looking to leverage kernel components but use flows to implement the
policies.
--Justin