Thanks for answering the question Jamo. FYI, there are 4 modes:
"transparent" - Off "stateless" - Static OpenFlow rules. "stateful" - Use Connection tracker (Default) "learn" - Use OVS learn action to track connections. Kind of a "poor man's" connection tracker. Andre On Mon, Dec 5, 2016 at 8:03 PM, Yang, Yi Y <[email protected]> wrote: > Thanks Jamo, I know how to enable it now. > > -----Original Message----- > From: Jamo Luhrsen [mailto:[email protected]] > Sent: Tuesday, December 6, 2016 8:56 AM > To: Yang, Yi Y <[email protected]>; Andre Fredette <[email protected] > > > Cc: [email protected]; [email protected]; > ovsdb-dev <[email protected]> > Subject: Re: [ovsdb-dev] [sfc-dev] ovs nsh patches have been ported into > ovs 2.6.1 > > Hi Yi, > > In CSIT, we have a script that toggles the "security group mode" [0]. It > assumes a freshly unzipped distribution and: > > - gets the proper config file with: > find /tmp/${BUNDLEFOLDER} -name "*aclservice*config.xml" > > - copies that file to: > etc/opendaylight/datastore/initial/config/netvirt- > aclservice-config.xml > > - modifies the security-group-mode config. > > you can try with "transparent" instead of the default "stateful" > > Also, I think after you install the netvirt feature(s) that config file is > automatically moved to the proper location, so that first step of finding > the file is just because we haven't installed the feature yet on a freshly > unzipped distro. > > hope it helps, > JamO > > [0] https://github.com/opendaylight/integration-test/ > blob/master/csit/scripts/set_sg_mode.sh > > On 12/05/2016 04:18 PM, Yang, Yi Y wrote: > > Andre, thank you for your information, It is the first time for me to > > know this, can you share us how we can enable not-use-conntrack option > for this? I want to try it. > > > > > > > > *From:*Andre Fredette [mailto:[email protected]] > > *Sent:* Monday, December 5, 2016 11:09 PM > > *To:* Yang, Yi Y <[email protected]> > > *Cc:* [email protected]; > > [email protected]; ovsdb-dev > > <[email protected]> > > *Subject:* Re: [sfc-dev] ovs nsh patches have been ported into ovs > > 2.6.1 > > > > > > > > FYI, NetVirt can be configured to not use conntrack for security groups. > > > > > > > > Andre > > > > > > > > > > > > On Thu, Dec 1, 2016 at 1:28 AM, Yang, Yi Y <[email protected] <mailto: > [email protected]>> wrote: > > > > Hi, folks > > > > > > > > Current ovs nsh patches https://github.com/yyang13/ovs_nsh_patches/ > are only for ovs 2.5.98, so it can’t be built on > > Linux kernel 4.1 and above, moreover this ovs DPDK version can’t > support conntrack, NetVirt depends on conntrack to > > implement security group. > > > > > > > > Now I have ported https://github.com/yyang13/ovs_nsh_patches/ to > ovs 2.6.1, so it can be built on almost any Linux > > distribution (kernel version >= 3.11, <= 4.8) , to be important, > this ovs DPDK version can support conntrack, so we can > > use this ovs DPDK version for NetVirt + SFC integration with > vhostuser and security group support. > > > > > > > > The patchset for ovs 2.6.1 is https://github.com/yyang13/ > ovs_nsh_patches/tree/master/v2.6.1, > > https://github.com/yyang13/ovs_nsh_patches/blob/master/ > start-ovs-deb-2.6.1.sh is used to build and install debian > > packages on Ubuntu, ODL can adapt to it without any change, welcome > your tries. > > > > > > _______________________________________________ > > sfc-dev mailing list > > [email protected] <mailto:sfc-dev@lists. > opendaylight.org> > > https://lists.opendaylight.org/mailman/listinfo/sfc-dev > > > > > > > > > > > > _______________________________________________ > > ovsdb-dev mailing list > > [email protected] > > https://lists.opendaylight.org/mailman/listinfo/ovsdb-dev > > >
_______________________________________________ sfc-dev mailing list [email protected] https://lists.opendaylight.org/mailman/listinfo/sfc-dev
