Thank you for your reply, Glad to know there is a workaround, i am little noob to OVN, could you explain how to set higher priority ACL using "openstack security group rule" command, because most of my users using terrafrom to deploy vms and play with security-group and how do i tell allow-stateless when create group using openstack clients?
On Fri, Sep 10, 2021 at 3:54 PM Odintsov Vladislav <vlodint...@croc.ru> wrote: > > Hi, > > with OVN 21.06+ you can create overriding ACLs with higher priority > than you currently have, with special "allow-stateless" verb, which ensures > packets bypassing conntrack. > > Regards, > Vladislav Odintsov > > On 10 Sep 2021, at 22:49, Satish Patel <satish....@gmail.com> wrote: > > Folk, > > We are a large shop of UDP applications so trying to find a way to > disable the conntrack for the entire UDP protocol stack, I did google > and dig into some ovn documentation but did not find any workaround > which allows disabling a conntrack on UDP protocol. > > Or another option i was thinking of is to disable ACL in OVS entirely > and then i will use iptables on vm because that way i can disable > conntrack using iptables. > > Anyone have any idea what to do if possible? > _______________________________________________ > discuss mailing list > disc...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss > > _______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
