This session gives an overview of current implementations of neutron-openvswitch-agent security group firewall drivers that use pure Open vSwitch bridges, without the intermediate Linux bridge the iptables-based driver requires. Two OpenFlow-based approaches will be demonstrated, with an explanation of how each works: a security group firewall driver based on OpenFlow learn-action rules, and a security group firewall driver based on the conntrack integration implemented in the Open vSwitch kernel datapath. One of these implementations is proposed as a replacement for the default iptables-based security group firewall driver.
Benchmarks comparing the two new security group firewall drivers with the current iptables security group firewall driver will be shown, and both approaches will be described in detail, with the pros and cons of each identified, including tips on how to debug packets lost in the firewall.
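To make the two approaches concrete, the following script is an added example written for this page; it is not code from the session or from the Neutron project. It emits two toy security-group rule sets for a plain Open vSwitch bridge, one built on the kernel conntrack action (ct) and one on OpenFlow learn(), and builds the ovs-appctl ofproto/trace command used to find which rule dropped a packet. The bridge name, port numbers, addresses and table layout (BRIDGE, VM_PORT, VM_IP, tables 0 and 1) are assumptions made for the example; the real drivers use their own tables, conntrack zones and port naming.

```shell
#!/bin/sh
# Added example, not code from the session or from Neutron: two toy
# security-group style rule sets for a plain OVS bridge, one built on the
# kernel conntrack action (ct) and one on OpenFlow learn(), plus the
# ofproto/trace check used to find where a packet is dropped.
# BRIDGE, VM_PORT, VM_IP and the table layout are assumptions for the
# example; the real drivers use their own tables, zones and port naming.
BRIDGE=${BRIDGE:-br-int}
VM_PORT=${VM_PORT:-5}       # OpenFlow port number of the VM's tap (assumed)
VM_IP=${VM_IP:-10.0.0.5}    # the VM's fixed IP address (assumed)

# Policy modelled by both variants: the VM may open any IPv4 connection
# outbound, only TCP/22 may be opened towards the VM, other IPv4 is dropped.
# ARP and other non-IP traffic is passed unfiltered by the priority-0 rule.

# Variant 1: conntrack. Untracked packets are pushed through ct() into
# table 1, where ct_state decides: established/related traffic passes in
# both directions, new connections are checked against the policy and
# committed so that their replies are recognised, and the rest is dropped.
conntrack_flows() {
    cat <<EOF
table=0,priority=100,ip,ct_state=-trk,actions=ct(table=1)
table=0,priority=0,actions=normal
table=1,priority=90,ip,ct_state=+trk+est,actions=normal
table=1,priority=90,ip,ct_state=+trk+rel,actions=normal
table=1,priority=80,ip,ct_state=+trk+new,in_port=$VM_PORT,actions=ct(commit),normal
table=1,priority=80,tcp,ct_state=+trk+new,nw_dst=$VM_IP,tp_dst=22,actions=ct(commit),normal
table=1,priority=20,ip,ct_state=+trk+inv,actions=drop
table=1,priority=10,ip,actions=drop
EOF
}

# Variant 2: learn(). Every outbound TCP packet from the VM installs a
# short-lived reverse rule in table 1 (addresses and ports swapped, output
# back to the VM port); inbound packets are resubmitted to table 1 and
# only match a learned rule or the explicit allow. There is no connection
# state: replies are recognised purely by the learned 5-tuple until
# idle_timeout expires, and non-TCP replies (UDP, ICMP) are not learned.
learn_flows() {
    cat <<EOF
table=0,priority=100,tcp,in_port=$VM_PORT,actions=learn(table=1,priority=100,idle_timeout=30,eth_type=0x800,nw_proto=6,NXM_OF_IP_SRC[]=NXM_OF_IP_DST[],NXM_OF_IP_DST[]=NXM_OF_IP_SRC[],NXM_OF_TCP_SRC[]=NXM_OF_TCP_DST[],NXM_OF_TCP_DST[]=NXM_OF_TCP_SRC[],output:NXM_OF_IN_PORT[]),normal
table=0,priority=100,ip,in_port=$VM_PORT,actions=normal
table=0,priority=90,ip,actions=resubmit(,1)
table=0,priority=0,actions=normal
table=1,priority=50,tcp,nw_dst=$VM_IP,tp_dst=22,actions=normal
table=1,priority=10,ip,actions=drop
EOF
}

flows_for() {  # flows_for conntrack|learn
    case $1 in
        conntrack) conntrack_flows ;;
        learn) learn_flows ;;
        *) echo "unknown variant: $1 (use conntrack|learn)" >&2; return 2 ;;
    esac
}

apply_flows() {  # apply_flows conntrack|learn  (needs root and a real bridge)
    flows_for "$1" >/dev/null || return 2
    ovs-ofctl del-flows "$BRIDGE"
    flows_for "$1" | ovs-ofctl add-flows "$BRIDGE" -
}

# Debugging lost packets: ofproto/trace walks the tables for a synthetic
# packet and reports every matched rule and the final action, which is the
# quickest way to see which rule dropped it. The flow spec uses the same
# syntax as ovs-ofctl matches.
trace_cmd() {  # trace_cmd <flow-spec>  -> the command line to run
    printf 'ovs-appctl ofproto/trace %s %s\n' "$BRIDGE" "$1"
}

# Constructed sample packet: an inbound SSH SYN towards the VM from an
# assumed neighbour 10.0.0.6 arriving on OpenFlow port 1.
ssh_syn_spec() {
    printf 'in_port=1,tcp,nw_src=10.0.0.6,nw_dst=%s,tp_dst=22,tcp_flags=+syn-ack' "$VM_IP"
}

# Usage: sg_flows.sh show conntrack|learn    print the rule set
#        sg_flows.sh apply conntrack|learn   install it on $BRIDGE
#        sg_flows.sh trace                   trace the sample SSH SYN
case "${1:-}" in
    show)  flows_for "${2:-conntrack}" ;;
    apply) apply_flows "${2:-conntrack}" ;;
    trace) trace_cmd "$(ssh_syn_spec)"
           command -v ovs-appctl >/dev/null && ovs-appctl ofproto/trace "$BRIDGE" "$(ssh_syn_spec)" ;;
esac
```

Running `sh sg_flows.sh trace` after `apply conntrack` should show the SYN entering ct(), re-entering table 1 with ct_state=+new and hitting the TCP/22 rule; after `apply learn` the same packet should hit the explicit allow in table 1, while a reply-only packet with no matching learned flow lands on the priority-10 drop, which is exactly the kind of loss the trace makes visible. The learn variant illustrates the main trade-off: it needs no conntrack in the datapath, but it cannot tell a reply from a new connection and does not handle related traffic.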
Attendees will gain a thorough understanding of Neutron security group functionality. They will learn how the different security group firewall drivers work and where and how packets are filtered in the pipeline. The session will cover the pros and cons of the different Neutron security group firewall driver options proposed for addition to Neutron. After the talk, attendees will also know how to try out different firewall driver and Open vSwitch combinations.