On 12/15/2016 02:29 AM, Shravan S K wrote:
On 14 December 2016 at 00:47, Ben Pfaff <[email protected] <mailto:[email protected]>> wrote:OVN is an SDN controller. > Most SDN controllers are platforms. OVN is an application. Could you clarify this, please? And, is microsegmentation(for example VMWare NSX, Cisco ACI) possible using OVN?
Fine-grained ACLs/firewall rules are possible via OVS' integration with the kernel conntrack module (leveraged by OVN). However, OVN lacks any sort of policy engine that would make managing these ACLs/firewall rules possible at any reasonable scale---that policy functionality is pushed off to the CMS (OpenStack or other).
I hope this helps. -- Scott _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
