Hi, (sorry for using incorrect threading) > > About 2 weeks ago I did some light testing with the conntrack security > > group driver and the newly > > > > Merged upserspace conntrack support in ovs. > > By 'recently' - whether you mean patch v4 http://openvswitch.org/pipermail/dev/2016-June/072700.html or you used OVS 2.5 itself (which I think includes v2 of the same patch series)?
So in general - I am a bit confused about conntrack support in OVS. OVS 2.5 release notes http://openvswitch.org/pipermail/announce/2016-February/000081.html state: "This release includes the highly anticipated support for connection tracking in the Linux kernel. This feature makes it possible to implement stateful firewalls and will be the basis for future stateful features such as NAT and load-balancing. Work is underway to bring connection tracking to the userspace datapath (used by DPDK) and the port to Hyper-V." - in the way that 'work is underway' (=work is ongoing) means that a time of OVS 2.5 release the feature was not 'classified' as ready? BR, Konstantin > On Sat, Aug 6, 2016 at 8:16 PM, Mooney, Sean K <sean.k.moo...@intel.com> > wrote: > > Hi just a quick fyi, > > > > About 2 weeks ago I did some light testing with the conntrack security > > group driver and the newly > > > > Merged upserspace conntrack support in ovs. > > > > > > > > I can confirm that at least form my initial smoke tests where I > > > > Uses netcat ping and ssh to try and establish connections between two > > vms the > > > > Conntrack security group driver appears to function correctly with the > > userspace connection tracker. > > > > > > > > We have not looked at any of the performance yet but assuming it is at > > an acceptable level I am planning to > > > > Deprecate the learn action based driver in networking-ovs-dpdk and > > remove it once we have cut the stable newton > > > > Branch. > > > > > > > > We hope to do some rfc 2544 throughput testing to evaluate the > > performance sometime mid-September. > > > > Assuming all goes well I plan on enabling the conntrack based security > > group driver by default when the > > > > Networking-ovs-dpdk devstack plugin is loaded. We will also evaluate > > enabling the security group tests > > > > In our third party ci to ensure it continues to function correctly > > with ovs-dpdk. > > > > > > > > Regards > > > > Seán > > > > > > > > > > > _________________________________________________________________ > _____ > > ____ OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: > > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > _________________________________________________________________ > _________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
