Hello everybody, I'm cross-posting this with operators list. The openvswitch flows-based stateful firewall driver which uses the conntrack support in Linux kernel >= 4.3 (iirc) has been marked as experimental for several releases now, is there any information about flaws in this and why it should not be used in production?
It's still marked as experimental or missing documentation in the networking guide [1]. And to operators; is anybody running the OVS stateful firewall in production? (firewall_driver = openvswitch) Appreciate any feedback :) Best regards [1] https://docs.openstack.org/neutron/queens/admin/config-ovsfwdriver.html __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
