I am running wallaby and thinking I can just upgrade my neutron to Xena if possible to test out my code or should i have to forklift the whole stack to Xena including openvswitch 21.06
On Sat, Sep 11, 2021 at 2:31 AM Ammad Syed <[email protected]> wrote: > > Refer the xena release notes of neutron here. > > https://docs.openstack.org/releasenotes/neutron/unreleased.html > > Ammad > On Sat, Sep 11, 2021 at 7:45 AM Satish Patel <[email protected]> wrote: >> >> Thank you for reply, >> >> That does make sense, if xena has support then i can wait for it, I >> believe it's about to release. >> >> On Fri, Sep 10, 2021 at 10:29 PM Ammad Syed <[email protected]> wrote: >> > >> > I think stateless acl with ovn backend is currently not supported in >> > openstack. The feature is planned and will be available in next openstack >> > release i.e xena. >> > >> > Ammad >> > On Sat, Sep 11, 2021 at 1:23 AM Satish Patel <[email protected]> wrote: >> >> >> >> Thank you, i am trying the following but look like it doesn't like it, >> >> Openstack Doc saying it should work. (i am running latest openstack) >> >> >> >> # openstack security group create --stateless foo_sg >> >> Error while executing command: BadRequestException: 400, Unrecognized >> >> attribute(s) 'stateful' >> >> >> >> On Fri, Sep 10, 2021 at 4:05 PM Odintsov Vladislav <[email protected]> >> >> wrote: >> >> > >> >> > I’m not an openstack user, so leave this question to somebody >> >> > from openstack guys. >> >> > >> >> > Regards, >> >> > Vladislav Odintsov >> >> > >> >> > On 10 Sep 2021, at 23:00, Satish Patel <[email protected]> wrote: >> >> > >> >> > Thank you for your reply, >> >> > >> >> > Glad to know there is a workaround, i am little noob to OVN, could you >> >> > explain how to set higher priority ACL using "openstack security group >> >> > rule" command, because most of my users using terrafrom to deploy vms >> >> > and play with security-group and how do i tell allow-stateless when >> >> > create group using openstack clients? >> >> > >> >> > On Fri, Sep 10, 2021 at 3:54 PM Odintsov Vladislav <[email protected]> >> >> > wrote: >> >> > >> >> > >> >> > Hi, >> >> > >> >> > with OVN 21.06+ you can create overriding ACLs with higher priority >> >> > than you currently have, with special "allow-stateless" verb, which >> >> > ensures >> >> > packets bypassing conntrack. >> >> > >> >> > Regards, >> >> > Vladislav Odintsov >> >> > >> >> > On 10 Sep 2021, at 22:49, Satish Patel <[email protected]> wrote: >> >> > >> >> > Folk, >> >> > >> >> > We are a large shop of UDP applications so trying to find a way to >> >> > disable the conntrack for the entire UDP protocol stack, I did google >> >> > and dig into some ovn documentation but did not find any workaround >> >> > which allows disabling a conntrack on UDP protocol. >> >> > >> >> > Or another option i was thinking of is to disable ACL in OVS entirely >> >> > and then i will use iptables on vm because that way i can disable >> >> > conntrack using iptables. >> >> > >> >> > Anyone have any idea what to do if possible? >> >> > _______________________________________________ >> >> > discuss mailing list >> >> > [email protected] >> >> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss >> >> > >> >> > >> >> > >> >> _______________________________________________ >> >> discuss mailing list >> >> [email protected] >> >> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss >> > >> > -- >> > Regards, >> > >> > >> > Syed Ammad Ali > > -- > Regards, > > > Syed Ammad Ali _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
