Public bug reported:

In Ussuri, we added support for stateless firewall [1].
This added support for the stateful attribute in security groups, with the needed parts in API extensions "stateful-security-group", database, ... [2]

However, the implementation is currently only done for the iptables drivers; this limitation is noted in the release notes for the feature.

As proposed and discussed in the Victoria PTG [3], we should add support for this attribute in the OVS firewall driver (default in devstack, and also needed for hardware offload).

Most changes would be around skipping any parts involving conntrack.
An implementation example also existed in networking-ovs-dpdk [4].

[1] https://bugs.launchpad.net/neutron/+bug/1753466
[2] https://review.opendev.org/#/c/572767/
[3] https://etherpad.opendev.org/p/neutron-victoria-ptg L162
[4] https://opendev.org/x/networking-ovs-dpdk/src/branch/stable/rocky/networking_ovs_dpdk/agent/ovs_dpdk_firewall.py

** Affects: neutron
     Importance: Undecided
         Status: New

** Tags: ovs-fw

https://bugs.launchpad.net/bugs/1885261

Title:
  Add stateless firewall support to OVS firewall

Status in neutron:
  New

