Security groups already use connection tracking. It's just done via a linux bridge right now because the versions of OVS shipped with most distros have no native conntrack support.
On Mon, Nov 23, 2015 at 2:55 AM, Tapio Tallgren <[email protected]> wrote: > Hi, > > Sorry for the stupid question, but how will I use the connection tracking > in security groups? Is there an extension to the Neutron API call "add > security group rule" that allows for connection tracking, or this for FWaaS > only? > > -Tapio > > On Mon, Nov 23, 2015 at 12:39 PM Fawad Khaliq <[email protected]> wrote: > >> On Mon, Nov 23, 2015 at 3:08 PM, Jakub Libosvar <[email protected]> >> wrote: >> >>> On 11/22/2015 07:28 PM, Gal Sagie wrote: >>> > Hi Fawad, >>> > >>> > From what i could understand from Miguel Angel Ajo, someone is working >>> > on this integration and it >>> > is suppose to be delivered as part of Mitaka. >>> > I don't remember the person name, Miguel will sure update shortly. >>> > >>> > Gal. >>> >>> Hi Fawad, Gal, >>> >>> I'm the person working on ovs firewall. There is reported an rfe bug [1] >>> to tracking it. >>> >> >> Hi Kuba, >> >> Great. We (Kuryr team) wanted insight into the plans for this support. >> Thanks for the note and link to the bug. I think we are all set to take the >> discussions further. >> >> Fawad >> >> >>> Kuba >>> >>> [1] https://bugs.launchpad.net/neutron/+bug/1461000 >>> > >>> > On Sun, Nov 22, 2015 at 7:05 PM, Fawad Khaliq <[email protected] >>> > <mailto:[email protected]>> wrote: >>> > >>> > Folks, >>> > >>> > Is there a plan to add conntrack support to the security groups for >>> > the OVS driver in Mitaka cycle? >>> > >>> > My understanding is that it is being actively worked on for >>> > networking-ovn but no concrete plan for support in the OVS Neutron >>> > driver yet. >>> > >>> > Thanks, >>> > Fawad Khaliq >>> > >>> > >>> > >>> __________________________________________________________________________ >>> > OpenStack Development Mailing List (not for usage questions) >>> > Unsubscribe: >>> > [email protected]?subject:unsubscribe >>> > < >>> http://[email protected]?subject:unsubscribe> >>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> > >>> > >>> > >>> > >>> > -- >>> > Best Regards , >>> > >>> > The G. >>> > >>> > >>> > >>> __________________________________________________________________________ >>> > OpenStack Development Mailing List (not for usage questions) >>> > Unsubscribe: >>> [email protected]?subject:unsubscribe >>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> > >>> >>> >>> >>> __________________________________________________________________________ >>> OpenStack Development Mailing List (not for usage questions) >>> Unsubscribe: >>> [email protected]?subject:unsubscribe >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> [email protected]?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Kevin Benton
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
