Re: [openstack-dev] [Neutron] Security Groups OVS conntrack support

2015-11-24 Thread Tapio Tallgren
Thanks! I got it now: OpenStack already allows all "related" connections, and you need connection tracking for that. This was not very clear to me from the documentation... -Tapio On Mon, Nov 23, 2015 at 10:14 PM Russell Bryant wrote: > On 11/23/2015 02:16 PM, Kevin Benton

Re: [openstack-dev] [Neutron] Security Groups OVS conntrack support

2015-11-23 Thread Tapio Tallgren
Hi, Sorry for the stupid question, but how will I use the connection tracking in security groups? Is there an extension to the Neutron API call "add security group rule" that allows for connection tracking, or is this for FWaaS only? -Tapio On Mon, Nov 23, 2015 at 12:39 PM Fawad Khaliq

Re: [openstack-dev] How does instance's tap device macaddress generate?

2015-06-16 Thread Tapio Tallgren
On 11.06.2015 18:52, Andreas Scheuring wrote: Maybe this helps (taken from [1]) Actually there is one way that the MAC address of the tap device affects proper operation of guest networking - if you happen to set the tap device's MAC identical to the MAC used by the guest, you will get errors

Re: [openstack-dev] [neutron] OpenFlow security groups (pre-benchmarking plan)

2015-02-25 Thread Tapio Tallgren
Hi, The RFC2544 with near zero packet loss is a pretty standard performance benchmark. It is also used in the OPNFV project ( ). Does this mean that OpenStack will have stateful firewalls (or security groups)? Any

Re: [openstack-dev] [nova] Core pinning

2013-11-15 Thread Tapio Tallgren
Hi, The use cases for CPU pinning are exactly like discussed above: (1) lowering guest scheduling latencies and (2) improving networking latencies by pinning the SR-IOV IRQs to specific cores. There is also a third use case, (3) avoiding long latencies with spinlocks. On Wed, Nov 13, 2013 at