Hi Yi,
In CSIT, we have a script that toggles the "security group mode" [0]. It
assumes a freshly
unzipped distribution and:
- gets the proper config file with:
find /tmp/${BUNDLEFOLDER} -name "*aclservice*config.xml"
- copies that file to:
etc/opendaylight/datastore/initial/config/netvirt-aclservice-config.xml
- modifies the security-group-mode config.
you can try with "transparent" instead of the default "stateful"
Also, I think after you install the netvirt feature(s) that config file is
automatically
moved to the proper location, so that first step of finding the file is just
because we
haven't installed the feature yet on a freshly unzipped distro.
hope it helps,
JamO
[0]
https://github.com/opendaylight/integration-test/blob/master/csit/scripts/set_sg_mode.sh
On 12/05/2016 04:18 PM, Yang, Yi Y wrote:
> Andre, thank you for your information, It is the first time for me to know
> this, can you share us how we can enable
> not-use-conntrack option for this? I want to try it.
>
>
>
> *From:*Andre Fredette [mailto:[email protected]]
> *Sent:* Monday, December 5, 2016 11:09 PM
> *To:* Yang, Yi Y <[email protected]>
> *Cc:* [email protected]; [email protected];
> ovsdb-dev <[email protected]>
> *Subject:* Re: [sfc-dev] ovs nsh patches have been ported into ovs 2.6.1
>
>
>
> FYI, NetVirt can be configured to not use conntrack for security groups.
>
>
>
> Andre
>
>
>
>
>
> On Thu, Dec 1, 2016 at 1:28 AM, Yang, Yi Y <[email protected]
> <mailto:[email protected]>> wrote:
>
> Hi, folks
>
>
>
> Current ovs nsh patches https://github.com/yyang13/ovs_nsh_patches/ are
> only for ovs 2.5.98, so it can’t be built on
> Linux kernel 4.1 and above, moreover this ovs DPDK version can’t support
> conntrack, NetVirt depends on conntrack to
> implement security group.
>
>
>
> Now I have ported https://github.com/yyang13/ovs_nsh_patches/ to ovs
> 2.6.1, so it can be built on almost any Linux
> distribution (kernel version >= 3.11, <= 4.8) , to be important, this ovs
> DPDK version can support conntrack, so we can
> use this ovs DPDK version for NetVirt + SFC integration with vhostuser
> and security group support.
>
>
>
> The patchset for ovs 2.6.1 is
> https://github.com/yyang13/ovs_nsh_patches/tree/master/v2.6.1,
>
> https://github.com/yyang13/ovs_nsh_patches/blob/master/start-ovs-deb-2.6.1.sh
> is used to build and install debian
> packages on Ubuntu, ODL can adapt to it without any change, welcome your
> tries.
>
>
> _______________________________________________
> sfc-dev mailing list
> [email protected] <mailto:[email protected]>
> https://lists.opendaylight.org/mailman/listinfo/sfc-dev
>
>
>
>
>
> _______________________________________________
> ovsdb-dev mailing list
> [email protected]
> https://lists.opendaylight.org/mailman/listinfo/ovsdb-dev
>
_______________________________________________
sfc-dev mailing list
[email protected]
https://lists.opendaylight.org/mailman/listinfo/sfc-dev
