I agree with Kevin that we should adopt veth pairs for fixing the issue in
the short term, at least until CT gets merged and distributed in OVS. At
that point the transition to a OVS based solution will make a lot of sense,
given that the numbers show that it's worth of course ;)
On Sun Feb 15
[Sorry for the resend, I had to subscribe to openstack-dev first,
maybe worth removing the subscribe requirement for outsiders]
[Copying ovs-dev]
On 02/13/15 at 01:47pm, Miguel Ángel Ajo wrote:
Sorry, I forgot about
5) If we put all our OVS/OF bridge logic in just one bridge (instead of
What is the status of the conntrack integration with respect to
availability in distributions? The lack of state tracking has blocked the
ability for us to get rid of namespaces for the L3 agent (because of SNAT)
and the filtering bridge between the VM and OVS (stateful firewall for
security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/13/2015 01:42 PM, Miguel Ángel Ajo wrote:
Hi, Ihar Jiri, thank you for pointing this out.
I’m working on the following items:
1) Doing Openflow traffic filtering (stateful firewall) based on
OVS+CT[1] patch, which may
eventually
In short term, we use veth pairs with namespace to fix the issue if performance
is not impacted (Hopefully:)
If performance downgrade too much, we may consider the following:
1) DHCP agent: use veth pairs with namespace since it is not critical path.
2) L3 agent: don't create port in OSV.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/13/2015 01:47 PM, Miguel Ángel Ajo wrote:
Sorry, I forgot about
5) If we put all our OVS/OF bridge logic in just one bridge
(instead of N: br-tun, br-int, br-ex, br-xxx), the performance
should be yet higher, since, as far as I
Sorry, I forgot about
5) If we put all our OVS/OF bridge logic in just one bridge (instead of N:
br-tun, br-int, br-ex, br-xxx),
the performance should be yet higher, since, as far as I understood, flow
rule lookup could be more
optimized into the kernel megaflows without
Hi, Ihar Jiri, thank you for pointing this out.
I’m working on the following items:
1) Doing Openflow traffic filtering (stateful firewall) based on OVS+CT[1]
patch, which may
eventually merge. Here I want to build a good amount of benchmarks to be
able to compare
the current network
Surely eliminating linux bridge for iptables by ovs+tc is quite important
for performance.
On Fri, Feb 13, 2015 at 01:57:46PM +0100,
Ihar Hrachyshka ihrac...@redhat.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/13/2015 01:47 PM, Miguel Ángel Ajo wrote:
Sorry, I forgot
