Meetings/Neutron blueprint ovs-firewall-driver
< Meetings
Revision as of 04:16, 14 December 2013 by Amir-sadoughi (talk | contribs) (Created page with "=== '''Meeting Dec 16, 2013''' === * Development discussions: ** blueprint ovs-firewall-driver: progress and technical discussion *** purpose *** openvswitch statelessness an...")
Meeting Dec 16, 2013
- Development discussions:
- blueprint ovs-firewall-driver: progress and technical discussion
- purpose
- openvswitch statelessness and security groups frontend API and DB: https://etherpad.openstack.org/p/ovs-firewall-driver-stateless-2
- ovs_neutron_agent nuances:
- (1) firewall invoked before agent does anything in C[R]UD operations
- (2) agent removes all flows at initialization
- (3) not sure about ovs having atomicity like iptables-restore has (all connections might be dropped/allowed)
- if extra time, quickly mention:
- working on adding IPv6 flows
- working on adding multiple ports in range (try port bitmask or N flows per N ports?)
- of course, need to add unit/integration tests; if someone wants to help on integration tests, that would be good if that's possible
- neutron-rootwrap-xen-dom0 bugs: https://bugs.launchpad.net/neutron/+bug/1185872/comments/3, https://bugs.launchpad.net/neutron/+bug/1259748
- other network types: should work as-is since the tunnel OVS flows just pass it to the integration bridge where firewall flows live, but test environment not setup to do so
- table, priority coordination: ok for now to be hard-coded in Neutron, but will need an abstraction in the future possibly
- blueprint ovs-firewall-driver: progress and technical discussion
