Re: [openstack-dev] [neutron][networking-ovs-dpdk] conntrack security group driver with ovs-dpdk

2016-08-16 Thread Mooney, Sean K


> -----Original Message-----
> From: Assaf Muller [mailto:as...@redhat.com]
> Sent: Monday, August 15, 2016 2:50 PM
> To: OpenStack Development Mailing List (not for usage questions)
> <openstack-dev@lists.openstack.org>
> Cc: Mooney, Sean K <sean.k.moo...@intel.com>
> Subject: Re: [openstack-dev] [neutron][networking-ovs-dpdk] conntrack
> security group driver with ovs-dpdk
> 
> + Jakub.
> 
> On Wed, Aug 10, 2016 at 9:54 AM,
> <kostiantyn.volenbovs...@swisscom.com> wrote:
> > Hi,
> >> [Mooney, Sean K]
> >> In ovs 2.5 only linux kernel conntrack was supported assuming you had
> >> a 4.x kernel that supported it. that means that the feature was not
> >> available on bsd,windows or with dpdk.
> > Yup, I also thought about something like that.
> > I think I was at-least-slightly misguided by
> > http://docs.openstack.org/draft/networking-guide/adv-config-ovsfwdriver.html
> > and there is currently a statement
> > "The native OVS firewall implementation requires kernel and user
> > space support for conntrack, thus requiring minimum versions of the
> > Linux kernel and Open vSwitch. All cases require Open vSwitch version
> > 2.5 or newer."
> 
> I agree, that statement is misleading.
[Mooney, Sean K] the 2.6 branch now exists so it is probably ok to refer to
2.6 now. https://github.com/openvswitch/ovs/commits/branch-2.6
The release should be made ~ September 15th
https://github.com/openvswitch/ovs/blob/797dad21566fecc60de3ce6f93c81ad55a61fe86/Documentation/release-process.md#release-scheduling
which will be before the next openstack release.
If you would like I can update the networking guide to reflect the change in ovs.


Re: [openstack-dev] [neutron][networking-ovs-dpdk] conntrack security group driver with ovs-dpdk

2016-08-15 Thread Assaf Muller
+ Jakub.

On Wed, Aug 10, 2016 at 9:54 AM,  <kostiantyn.volenbovs...@swisscom.com> wrote:
> Hi,
>> [Mooney, Sean K]
>> In ovs 2.5 only linux kernel conntrack was supported assuming you had a 4.x
>> kernel that supported it. that means that the feature was not available on
>> bsd,windows or with dpdk.
> Yup, I also thought about something like that.
> I think I was at-least-slightly misguided by
> http://docs.openstack.org/draft/networking-guide/adv-config-ovsfwdriver.html
> and there is currently a statement
> "The native OVS firewall implementation requires kernel and user space 
> support for conntrack, thus requiring minimum versions of the Linux kernel 
> and Open vSwitch. All cases require Open vSwitch version 2.5 or newer."

I agree, that statement is misleading.


Re: [openstack-dev] [neutron][networking-ovs-dpdk] conntrack security group driver with ovs-dpdk

2016-08-10 Thread Kostiantyn.Volenbovskyi
Hi, 
> [Mooney, Sean K]
> In ovs 2.5 only linux kernel conntrack was supported assuming you had a 4.x
> kernel that supported it. that means that the feature was not available on
> bsd,windows or with dpdk.
Yup, I also thought about something like that.
I think I was at-least-slightly misguided by
http://docs.openstack.org/draft/networking-guide/adv-config-ovsfwdriver.html 
and there is currently a statement 
"The native OVS firewall implementation requires kernel and user space support 
for conntrack, thus requiring minimum versions of the Linux kernel and Open 
vSwitch. All cases require Open vSwitch version 2.5 or newer."

Do you agree that this is something to change? I think it is not OK to state 
OVS 2.6 without that being released, but in case I am not confusing then:
- OVS firewall driver with OVS that uses kernel datapath requires OVS 2.5 and
  Linux kernel 4.3
- OVS firewall driver with OVS that uses userspace datapath with DPDK (aka
  ovs-dpdk aka DPDK vhost-user aka netdev datapath) doesn't have a Linux kernel
  prerequisite

That is documented in table in " ### Q: Are all features available with all 
datapaths?":
http://openvswitch.org/support/dist-docs/FAQ.md.txt 
where currently 'Connection tracking' row says 'NO' for 'Userspace' - but 
that's exactly what has been merged recently /to become feature of OVS 2.6

Also when it comes to performance I came across 
http://openvswitch.org/pipermail/dev/2016-June/071982.html, but I would guess 
that devil could be the exact flows/ct actions that will be present in 
real-life scenario.


BR, 
Konstantin
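
The prerequisites discussed in the message above and in Sean's replies, written as a preflight check to run before selecting the conntrack-based firewall driver. This is an added example, not code from the thread, neutron or networking-ovs-dpdk; the version thresholds come from the thread, while the function names, the `br-int` default and the sample values are assumptions.

```python
import platform
import re
import subprocess

# Prerequisites as stated in this thread (assumption of this example, not an
# official support matrix): datapath_type -> (min OVS, min Linux kernel or None).
REQUIREMENTS = {
    "system": ((2, 5), (4, 3)),  # kernel datapath
    "netdev": ((2, 6), None),    # userspace datapath used by ovs-dpdk
}


def parse_version(text):
    """Return (major, minor) from '"2.5.0"', '2.6.0' or '4.4.0-31-generic'."""
    match = re.match(r'\s*"?(\d+)\.(\d+)', text)
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return int(match.group(1)), int(match.group(2))


def check_ct_firewall(datapath_type, ovs_version, kernel_release):
    """Return (ok, problems) for one bridge; unknown input is reported as not ok."""
    # ovs-vsctl prints an unset datapath_type as "", which selects the kernel datapath.
    datapath = datapath_type.strip().strip('"') or "system"
    if datapath not in REQUIREMENTS:
        return False, [f"unknown datapath_type {datapath!r}"]
    min_ovs, min_kernel = REQUIREMENTS[datapath]
    problems = []
    try:
        if parse_version(ovs_version) < min_ovs:
            problems.append(f"{datapath} datapath needs OVS >= "
                            f"{min_ovs[0]}.{min_ovs[1]}, found {ovs_version}")
        if min_kernel and parse_version(kernel_release) < min_kernel:
            problems.append(f"{datapath} datapath needs Linux >= "
                            f"{min_kernel[0]}.{min_kernel[1]}, found {kernel_release}")
    except ValueError as exc:
        problems.append(str(exc))
    return not problems, problems


def probe_bridge(bridge="br-int"):
    """Read the three inputs from a live host (requires ovs-vsctl; bridge name assumed)."""
    def vsctl(*args):
        return subprocess.check_output(("ovs-vsctl",) + args, text=True).strip()
    return (vsctl("get", "Bridge", bridge, "datapath_type"),
            vsctl("get", "Open_vSwitch", ".", "ovs_version"),
            platform.release())


# Constructed sample inputs: (datapath_type, ovs_version, kernel release).
SAMPLES = [
    ('""', '"2.5.0"', "4.4.0-31-generic"),
    ('""', '"2.5.0"', "3.13.0-24-generic"),
    ("netdev", '"2.5.0"', "4.4.0-31-generic"),
    ("netdev", '"2.6.0"', "3.13.0-24-generic"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, problems = check_ct_firewall(*sample)
        print(sample, "OK" if ok else "NOT SUPPORTED: " + "; ".join(problems))
```

On a host with Open vSwitch installed, `check_ct_firewall(*probe_bridge())` applies the same check to the integration bridge. The comparison is by version string only, so a build made from a development commit is judged by whatever version it reports.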


Re: [openstack-dev] [neutron][networking-ovs-dpdk] conntrack security group driver with ovs-dpdk

2016-08-09 Thread Mooney, Sean K

> -----Original Message-----
> From: kostiantyn.volenbovs...@swisscom.com
> [mailto:kostiantyn.volenbovs...@swisscom.com]
> Sent: Tuesday, August 9, 2016 12:58 PM
> To: openstack-dev@lists.openstack.org; Mooney, Sean K
> <sean.k.moo...@intel.com>
> Subject: RE: [openstack-dev] [neutron][networking-ovs-dpdk] conntrack
> security group driver with ovs-dpdk
> 
> Hi,
> (sorry for using incorrect threading)
> 
> > > About 2 weeks ago I did some light testing with the conntrack
> > > security group driver and the newly merged userspace conntrack
> > > support in ovs.
> > >
> By 'recently' - whether you mean patch v4
> http://openvswitch.org/pipermail/dev/2016-June/072700.html
> or you used OVS 2.5 itself (which I think includes v2 of the same patch
> series)?
[Mooney, Sean K] I used
http://openvswitch.org/pipermail/dev/2016-June/072700.html or specifically
I used the following commit
https://github.com/openvswitch/ovs/commit/0c87efe4b5017de4c5ae99e7b9c36e8a6e846669
which is just after userspace conntrack was merged.
> 
> So in general - I am a bit confused about conntrack support in OVS.
> 
> OVS 2.5 release notes http://openvswitch.org/pipermail/announce/2016-
> February/81.html state:
> "This release includes the highly anticipated support for connection
> tracking in the Linux kernel.  This feature makes it possible to
> implement stateful firewalls and will be the basis for future stateful
> features such as NAT and load-balancing.  Work is underway to bring
> connection tracking to the userspace datapath (used by DPDK) and the
> port to Hyper-V."  - in the way that 'work is underway' (=work is
> ongoing) means that at the time of OVS 2.5 release the feature was not
> 'classified' as ready?
[Mooney, Sean K] 
In ovs 2.5 only linux kernel conntrack was supported, assuming you had a
4.x kernel that supported it. That means that the feature was not available on
bsd, windows or with dpdk.

In the upcoming ovs 2.6 release conntrack support has been added to the
netdev datapath which is used with dpdk and on bsd. As far as I am aware
windows conntrack support is still missing but I may be wrong.

If you are interested the devstack local.conf I used to test that it functioned 
is available here
http://paste.openstack.org/show/552434/

I used an OpenStack vm using the Ubuntu 16.04 and 2 e1000 interfaces to do the 
testing.


__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] [neutron][networking-ovs-dpdk] conntrack security group driver with ovs-dpdk

2016-08-09 Thread Kostiantyn.Volenbovskyi
Hi,
(sorry for using incorrect threading)

> > About 2 weeks ago I did some light testing with the conntrack security
> > group driver and the newly merged userspace conntrack support in ovs.
> >
By 'recently' - whether you mean patch v4 
http://openvswitch.org/pipermail/dev/2016-June/072700.html
or you used OVS 2.5 itself (which I think includes v2 of the same patch series)?

So in general - I am a bit confused about conntrack support in OVS.

OVS 2.5 release notes 
http://openvswitch.org/pipermail/announce/2016-February/81.html state:
"This release includes the highly anticipated support for connection tracking 
in the Linux kernel.  This feature makes it possible to implement stateful 
firewalls and will be the basis for future stateful features such as NAT and 
load-balancing.  Work is underway to bring connection tracking to the userspace 
datapath (used by DPDK) and the port to Hyper-V."  - in the way that 'work is 
underway' (=work is ongoing) means that at the time of OVS 2.5 release the feature
was not 'classified' as ready?
 

BR, 
Konstantin





Re: [openstack-dev] [neutron][networking-ovs-dpdk] conntrack security group driver with ovs-dpdk

2016-08-08 Thread Miguel Angel Ajo Pelayo
Awesome Sean!,

   Keep us posted!! :)




[openstack-dev] [neutron][networking-ovs-dpdk] conntrack security group driver with ovs-dpdk

2016-08-06 Thread Mooney, Sean K
Hi just a quick fyi,
About 2 weeks ago I did some light testing with the conntrack security group
driver and the newly merged userspace conntrack support in ovs.

I can confirm that, at least from my initial smoke tests where I used netcat,
ping and ssh to try and establish connections between two vms, the conntrack
security group driver appears to function correctly with the userspace
connection tracker.

We have not looked at any of the performance yet but assuming it is at an
acceptable level I am planning to deprecate the learn action based driver in
networking-ovs-dpdk and remove it once we have cut the stable newton branch.

We hope to do some rfc 2544 throughput testing to evaluate the performance
sometime mid-September. Assuming all goes well I plan on enabling the conntrack
based security group driver by default when the networking-ovs-dpdk devstack
plugin is loaded. We will also evaluate enabling the security group tests in
our third party ci to ensure it continues to function correctly with ovs-dpdk.

Regards
Seán
