neutron

Bug #1461000
Comment #25

Comment 25 for bug 1461000

Revision history for this message

Thiago Martins (martinx) wrote on 2016-02-25: Re: [Bug 1461000] Re: [rfe] openvswitch based firewall driver

#25

Hey Armando,

Thank you for the heads up!

Let me ask you guys something, and BTW, forgive to ask this here, on a bug
report, but I think it is related...

Right now, if I run:

sudo apt install neutron-openvswitch-agent

On Ubuntu Xenial (proposed enabled), I'm seeing this:

---
root@mitaka-1:~# apt install neutron-openvswitch-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
dpdk libdpdk0 openvswitch-common openvswitch-switch
---

And this is IMPRESSIVE!

However, let me ask this:

Will be possible to use, at the same time (same Network and Compute nodes /
Host Agregate):

1- Regular OVS bridges without DPDK for VXLAN Networks, with OVS-Firewall
and;

2- OVS powered by DPDK for Provider Networks (without any firewall, current
case).

I have NFV Instances that are also, DPDK L2 Bridges running on KVM, that
are physically wired using Provider Networks (flat and vlans).

So, for the Instance vNICs (eth1 and eth2) that are used as a bridge, I
don't want any kind of firewall and I want OVS+DPDK under it but, for SSH
into the Instance (via its eth0), it is still regular VXLAN with Security
Groups - OVS-Firewall now (no need for DPDK under eth0 / VXLAN)...

I'm curious about this specially because the OVS Ubuntu package, makes use
of Debian's Alternatives subsystem, and we need to choose one OVS
(default), or another (with DPDK), via "update-alternatives", so, will be
possible to select OVS with DPDK but, use regular bridges as well?

Thanks in advance!

Best,
Thiago

On 24 February 2016 at 01:03, Armando Migliaccio <<email address hidden>
> wrote:

> I am afraid this won't work with OVS+DPDK. See bug 1531205 for more
> details.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1461000
>
> Title:
> [rfe] openvswitch based firewall driver
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/neutron/+bug/1461000/+subscriptions
>

Hey Armando,

Thank you for the heads up!

Let me ask you guys something, and BTW, forgive to ask this here, on a bug
report, but I think it is related...

Right now, if I run:

sudo apt install neutron-openvswitch-agent

On Ubuntu Xenial (proposed enabled), I'm seeing this:

---
root@mitaka-1:~# apt install neutron-openvswitch-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  dpdk libdpdk0 openvswitch-common openvswitch-switch
---

And this is IMPRESSIVE!

However, let me ask this:

Will be possible to use, at the same time (same Network and Compute nodes /
Host Agregate):

1- Regular OVS bridges without DPDK for VXLAN Networks, with OVS-Firewall
and;

2- OVS powered by DPDK for Provider Networks (without any firewall, current
case).

I have NFV Instances that are also, DPDK L2 Bridges running on KVM, that
are physically wired using Provider Networks (flat and vlans).

Thanks in advance!

Best,
Thiago

On 24 February 2016 at 01:03, Armando Migliaccio <1461000@bugs.launchpad.net
> wrote:

> I am afraid this won't work with OVS+DPDK. See bug 1531205 for more
> details.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1461000
>
> Title:
>   [rfe] openvswitch based firewall driver
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/neutron/+bug/1461000/+subscriptions
>