Hi, I did take the opportunity to read through your etherpad today. Many of the solutions that you propose have been discussed in the past but there just hasn't been a traction on the problem. You did a fine job of writing this up and I think we should use your etherpad as a central point for discussion.
I know that the original DVR team also did some discussion around this and I believe had some documents with possible solutions. I don't know where those are at the moment and so I would also like to hear from them. It will be difficult to decide on a solution to this problem without first knowing how fwaas and security groups will be going forward. I look forward to some good discussions at the summit. Carl On Wed, Aug 19, 2015 at 10:56 AM, Mickey Spiegel <[email protected]> wrote: > Resending, forgot the [neutron] tag > > -----Mickey Spiegel/San Jose/IBM wrote: ----- > To: [email protected] > From: Mickey Spiegel/San Jose/IBM > Date: 08/19/2015 09:45AM > Subject: [fwaas][dvr] FWaaS with DVR > > > Currently, FWaaS behaves differently with DVR, applying to only north/south > traffic, whereas FWaaS on routers in network nodes applies to both > north/south and east/west traffic. There is a compatibility issue due to the > asymmetric design of L3 forwarding in DVR, which breaks the connection > tracking that FWaaS currently relies on. > > I started an etherpad where I hope the community can discuss the problem, > collect multiple possible solutions, and eventually try to reach consensus > about how to move forward: > https://etherpad.openstack.org/p/FWaaS_with_DVR > > I listed every possible solution that I can think of as a starting point. I > am somewhat new to OpenStack and FWaaS, so please correct anything that I > might have misrepresented. > > Please add more possible solutions and comment on the possible solutions > already listed. > > Mickey > > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
