I’m not an openstack user, so leave this question to somebody from openstack guys.
Regards, Vladislav Odintsov On 10 Sep 2021, at 23:00, Satish Patel <[email protected]<mailto:[email protected]>> wrote: Thank you for your reply, Glad to know there is a workaround, i am little noob to OVN, could you explain how to set higher priority ACL using "openstack security group rule" command, because most of my users using terrafrom to deploy vms and play with security-group and how do i tell allow-stateless when create group using openstack clients? On Fri, Sep 10, 2021 at 3:54 PM Odintsov Vladislav <[email protected]<mailto:[email protected]>> wrote: Hi, with OVN 21.06+ you can create overriding ACLs with higher priority than you currently have, with special "allow-stateless" verb, which ensures packets bypassing conntrack. Regards, Vladislav Odintsov On 10 Sep 2021, at 22:49, Satish Patel <[email protected]<mailto:[email protected]>> wrote: Folk, We are a large shop of UDP applications so trying to find a way to disable the conntrack for the entire UDP protocol stack, I did google and dig into some ovn documentation but did not find any workaround which allows disabling a conntrack on UDP protocol. Or another option i was thinking of is to disable ACL in OVS entirely and then i will use iptables on vm because that way i can disable conntrack using iptables. Anyone have any idea what to do if possible? _______________________________________________ discuss mailing list [email protected]<mailto:[email protected]> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
_______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
