That’s super nice ;) !!! :D I’m prototyping over here [1] to gather some benchmarks for the summit presentation about “Taking Security Groups To Ludicrous Speed with Open vSwitch” with Ivar, Justin and Thomas.
I know Justin and Joe have been doing good advances on it ;) [3] lately. [1] https://review.openstack.org/#/c/167671/ [2] https://github.com/justinpettit/ovs/tree/conntrack [3] https://github.com/justinpettit/ovs/commits/conntrack Miguel Ángel Ajo On Tuesday, 31 de March de 2015 at 9:34, Kevin Benton wrote: > Very cool. What's the latest status on data-plane support for the conntrack > based things like firewall rules and conntrack integration? > > On Mon, Mar 30, 2015 at 7:19 PM, Russell Bryant <[email protected] > (mailto:[email protected])> wrote: > > On 03/26/2015 07:54 PM, Russell Bryant wrote: > > > Gary and Kyle, I saw in my IRC backlog that you guys were briefly > > > talking about testing the Neutron ovn ml2 driver. I suppose it's time > > > to add some more code to the devstack integration to install the current > > > ovn branch and set up ovsdb-server to serve up the right database for > > > this. I'll try to work on that tomorrow. Of course, note that all we > > > can set up right now is the northbound database. None of the code that > > > reacts to updates to that database is merged yet. We can still go ahead > > > and test our code and make sure the expected data makes it there, though. > > > > With help from Kyle Mestery, Gary Kotton, and Gal Sagie, some great > > progress has been made over the last few days. Devstack support has > > merged and the ML2 driver seems to be doing the right thing. > > > > After devstack runs, you can see that the default networks created by > > devstack are in the OVN db: > > > > > $ neutron net-list > > > +--------------------------------------+---------+--------------------------------------------------+ > > > | id | name | subnets > > > | > > > +--------------------------------------+---------+--------------------------------------------------+ > > > | 1c4c9a38-afae-40aa-a890-17cd460b314b | private | > > > 115f27d1-5330-489e-b81f-e7f7da123a31 10.0.0.0/24 (http://10.0.0.0/24) | > > > | 69fc7d7c-6906-43e7-b5e2-77c059cf4143 | public | > > > 6b5c1597-4af8-4ad3-b28b-a4e83a07121b | > > > +--------------------------------------+---------+--------------------------------------------------+ > > > > > $ ovn-nbctl lswitch-list > > > 47135494-6b36-4db9-8ced-3bdc9b711ca9 > > > (neutron-1c4c9a38-afae-40aa-a890-17cd460b314b) > > > 03494923-48cf-4af5-a391-ed48fe180c0b > > > (neutron-69fc7d7c-6906-43e7-b5e2-77c059cf4143) > > > > > $ ovn-nbctl lswitch-get-external-id > > > neutron-1c4c9a38-afae-40aa-a890-17cd460b314b > > > neutron:network_id=1c4c9a38-afae-40aa-a890-17cd460b314b > > > neutron:network_name=private > > > > > $ ovn-nbctl lswitch-get-external-id > > > neutron-69fc7d7c-6906-43e7-b5e2-77c059cf4143 > > > neutron:network_id=69fc7d7c-6906-43e7-b5e2-77c059cf4143 > > > neutron:network_name=public > > > > You can also create ports and see those reflected in the OVN db: > > > > > $ neutron port-create 1c4c9a38-afae-40aa-a890-17cd460b314b > > > Created a new port: > > > +-----------------------+---------------------------------------------------------------------------------+ > > > | Field | Value > > > | > > > +-----------------------+---------------------------------------------------------------------------------+ > > > | admin_state_up | True > > > | > > > | allowed_address_pairs | > > > | > > > | binding:vnic_type | normal > > > | > > > | device_id | > > > | > > > | device_owner | > > > | > > > | fixed_ips | {"subnet_id": > > > "115f27d1-5330-489e-b81f-e7f7da123a31", "ip_address": "10.0.0.3"} | > > > | id | e7c080ad-213d-4839-aa02-1af217a6548c > > > | > > > | mac_address | fa:16:3e:07:9e:68 > > > | > > > | name | > > > | > > > | network_id | 1c4c9a38-afae-40aa-a890-17cd460b314b > > > | > > > | security_groups | be68fd4e-48d8-46f2-8204-8a916ea6f348 > > > | > > > | status | DOWN > > > | > > > | tenant_id | ed782253a54c4e0a8b46e275480896c9 > > > | > > > +-----------------------+---------------------------------------------------------------------------------+ > > > > List ports on the logical switch named neutron-1c4c9a38...: > > > > > $ ovn-nbctl lport-list neutron-1c4c9a38-afae-40aa-a890-17cd460b314b > > > ... > > > 96432697-df3c-472a-b48a-9f844764d4bf > > > (neutron-e7c080ad-213d-4839-aa02-1af217a6548c) > > > > We can also see that the proper MAC address was set on that port: > > > > > $ ovn-nbctl lport-get-macs neutron-e7c080ad-213d-4839-aa02-1af217a6548c > > > fa:16:3e:07:9e:68 > > > > -- > > Russell Bryant > > > > __________________________________________________________________________ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: [email protected]?subject:unsubscribe > > (http://[email protected]?subject:unsubscribe) > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > -- > Kevin Benton > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > (mailto:[email protected]?subject:unsubscribe) > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
