© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
hi armando,
i vaguely remember the conversations related to stateful vs non stateful firewall implementation
that took place at i want to say the paris summit? it was a while ago so i cant remember all the details
directly but i understand the rational for why the stateful approach is preferred. while we can support
new,established and closed state i our implementation if we wanted to the related flow are not possible with
our approach.
the openstack piece of the connection tracking driver tracked by https:/
should work unmodifed with the dpdk datapath when the userspace conntrack implementation is merged.
we hope to pull down the ovs patches and start testing with the prototype conntrack driver probably next week.
if there are minor compatible tweek needed to make the conntrack driver work with dpdk we will submit patches to
ensure you can just drop in ovs with dpdk and use the driver when its available.
in parallel to our testing one of my counterparts in our vswitch team will be looking at the userspace patch series.
There is a currently a 12 patch series for adding this support proposed to the ovs mailing list.
My understading is that the 2.5 branch of ovs is already feature frozen so ignoring the fact that its ~2K lines of code it
is unlikely that it could be added to the 2.5 releases.
we have some concerns that the conntrack implementation may be a non trivial performance hit though the design of the
code does have some point where it could be optimised. incidentally the only public performance figure i am aware of was the following presentation (https:/