April 25-29, 2016

Event Details

Please note: All times listed below are in Central Time Zone

Tired of Iptables Based Security Groups? Here's How to Gain Tremendous Speed with Open vSwitch Instead!

This session will give an overview of the current implementations of neutron-openvswitch-agent security group firewall drivers that use pure Open vSwitch bridges. Two approaches using OpenFlow will be demonstrated, with an explanation of how each works: a security group firewall driver based on OpenFlow learn-action rules, and a security group firewall driver based on conntrack as implemented in Open vSwitch kernel space. One of these implementations is even intended to replace the default iptables-based security group firewall driver.

Benchmarks comparing the two new security group firewall drivers with the current iptables security group firewall driver will be shown. Both approaches will be described in detail, with the pros and cons of each identified, along with tips on how to debug lost packets in the firewall.

What can I expect to learn?

Attendees will gain a thorough understanding of the Neutron security group functionality. They will learn how different security group firewall drivers work and where and how packets are filtered in the pipeline. The session will teach attendees the pros and cons of the different Neutron security group firewall driver options that are proposed to be added to Neutron. After the talk, attendees will also know how to try different firewall driver and Open vSwitch combinations.

Wednesday, April 27, 1:50pm-2:30pm (6:50pm - 7:30pm UTC)
Difficulty Level: Intermediate
Red Hat
Jakub works at Red Hat as a Neutron OpenStack developer.
OpenStack rookie, but truly enthusiastic. Focus on networking and metering projects.