<div dir="ltr">Hmm, interesting, can you share a diagram of your topology?<div>(just curious) :)</div><div><br></div><div>Greetings!!,</div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div>---</div><div>irc: ajo / mangelajo</div>Miguel Angel Ajo Pelayo<br>+34 636 52 25 69<br>skype: ajoajoajo</div></div></div>
<br><div class="gmail_quote">2014-11-12 9:19 GMT+01:00 Chris <span dir="ltr"><<a href="mailto:contact@progbau.de" target="_blank">contact@progbau.de</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Miguele,<br>
<br>
thanks for your input!<br>
<br>
We avoided VXLAN/GRE; we use a multi-flat provider network, so each compute node's traffic goes directly to the provider network without neutron routers in between.<br>
<br>
Cheers<br>
Chris<span class=""><br>
<br>
On 2014-11-11 14:21, Miguel Angel wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
Hi Chris, <br>
<br>
If you care a lot about performance, try to make sure that you either:<br>
<br>
a) Increase MTU on all your tunneling interfaces to avoid<br>
fragmentation.<br>
<br>
or<br>
<br>
b) work with VLANs instead of VXLAN/GRE.<br>
<br>
Best regards.<br>
Miguel Ángel.<br>
<br>
---<br></span>
irc: ajo / mangelajo<br>Miguel Angel Ajo Pelayo<div><div class="h5"><br>
<a href="tel:%2B34%20636%2052%2025%2069" value="+34636522569" target="_blank">+34 636 52 25 69</a><br>
skype: ajoajoajo<br>
<br>
2014-11-11 4:24 GMT+01:00 Chris <<a href="mailto:contact@progbau.de" target="_blank">contact@progbau.de</a>>:<br>
<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
Hello Ihar,<br>
<br>
Thanks for taking care of this! Let's hope the backport for<br>
Icehouse will be<br>
available soon.<br>
We will use it in our setup!<br>
<br>
Cheers<br>
Chris<br>
<br>
-----Original Message-----<br>
From: <a href="mailto:rdo-list-bounces@redhat.com" target="_blank">rdo-list-bounces@redhat.com</a><br>
[mailto:<a href="mailto:rdo-list-bounces@redhat.com" target="_blank">rdo-list-bounces@<u></u>redhat.com</a>] On<br>
Behalf Of Ihar Hrachyshka<br>
Sent: Monday, November 10, 2014 17:53<br>
To: <a href="mailto:rdo-list@redhat.com" target="_blank">rdo-list@redhat.com</a><br>
Subject: Re: [Rdo-list] Compute Node without firewall (iptables)<br>
and Linux<br>
bridge<br>
<br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
Hey,<br>
<br>
I've looked closer into the issue. Indeed, neutron does not send<br>
proper VIF<br>
details flags to disable hybrid bridging on nova side. The issue<br>
was fixed<br>
with the following patch in master:<br>
<br></div></div>
- - <a href="https://review.openstack.org/#/c/104240/" target="_blank">https://review.openstack.org/#<u></u>/c/104240/</a> [1]<span class=""><br>
<br>
I've requested a backport for the patch for Icehouse and Juno:<br>
<br></span>
- - <a href="https://review.openstack.org/133421" target="_blank">https://review.openstack.org/<u></u>133421</a> [2] (Icehouse)<br>
- - <a href="https://review.openstack.org/132759" target="_blank">https://review.openstack.org/<u></u>132759</a> [3] (Juno)<div><div class="h5"><br>
<br>
We'll need to wait for the patch to be merged in corresponding<br>
branches and<br>
be released to reach RDO repos though. So if you're keen to get the<br>
functionality ASAP, you can apply the patch to your setup in the<br>
meantime.<br>
<br>
Cheers,<br>
/Ihar<br>
<br>
On 30/10/14 13:32, Ihar Hrachyshka wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Do you use monolithic OVS plugin or ML2 mechanism? If the latter,<br>
</blockquote>
then<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
the file is not involved, and you should instead try to change<br>
</blockquote>
the<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
value in:<br>
<br>
<br>
</blockquote>
<br>
</div></div></blockquote><div><div class="h5">
/usr/lib/python2.6/site-packages/neutron/plugins/ml2/drivers/mech_openvswitch.py<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
  That said, removal of .py file is not enough to make sure it's<br>
</blockquote>
not<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
involved since .pyc file is still there and is used when there is<br>
</blockquote>
no<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
.py counterpart.<br>
<br>
On 30/10/14 11:56, Chris wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I just found out that the file in the compute node:<br>
<br>
</blockquote></blockquote>
<br>
</blockquote>
/usr/lib/python2.6/site-packages/neutron/plugins/openvswitch/ovs_neutron_plugin.py<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
where I edit the portbindings.OVS_HYBRID_PLUG doesn't have any<br>
</blockquote></blockquote>
effect.<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I even can delete the whole file, the bridge is still being<br>
</blockquote></blockquote>
created<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
and everything works normal.<br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Where can I edit the code to prevent the bridge creation?<br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Cheers Chris<br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
-----Original Message----- From: Chris<br>
</blockquote></blockquote>
[mailto:<a href="mailto:contact@progbau.de" target="_blank">contact@progbau.de</a>]<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Sent: Thursday, October 30, 2014<br>
01:28 To: 'Ihar Hrachyshka'; '<a href="mailto:rdo-list@redhat.com" target="_blank">rdo-list@redhat.com</a>' Subject: RE:<br>
[Rdo-list] Compute Node without firewall (iptables) and Linux<br>
</blockquote></blockquote>
bridge<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
What do you mean with re-plugged? During my testing I always<br>
</blockquote></blockquote>
delete<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
and create new Instances and every time the Linux<br>
bridge+interfaces gets deleted and created as well.<br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Cheers Chris<br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
-----Original Message----- From: Ihar Hrachyshka<br>
[mailto:<a href="mailto:ihrachys@redhat.com" target="_blank">ihrachys@redhat.com</a>] Sent: Thursday, October 30, 2014<br>
00:04 To: Chris; <a href="mailto:rdo-list@redhat.com" target="_blank">rdo-list@redhat.com</a> Subject: Re: [Rdo-list]<br>
</blockquote></blockquote>
Compute<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Node without firewall (iptables) and Linux bridge<br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Have you replugged your instances? VIF objects are persisted in<br>
</blockquote></blockquote>
db, I<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
guess with flags including the one that controls whether a bridge<br>
should be created.<br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Do you still see those bridges created for new instances?<br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
/Ihar<br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 29/10/14 11:26, Chris wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<br>
</blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
1) we just don't need it, we are using the provider network<br>
</blockquote></blockquote></blockquote>
which<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
includes hardware firewalls. 2) We have huge performance<br>
</blockquote></blockquote></blockquote>
problems<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
regarding TCP_CRR / TCP_RR. The OpenStack VMs can deal just<br>
</blockquote></blockquote></blockquote>
half of<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
TCP connections per second compared to our bare metal<br>
</blockquote></blockquote></blockquote>
installations.<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Throughput (10Gbit NIC) is fine though. Specs VMs and bare<br>
</blockquote></blockquote></blockquote>
metal are<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
of course equal (RAM, Cores, etc.)<br>
</blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Did a lot of testing regarding the performance issues, it<br>
</blockquote></blockquote></blockquote>
happens<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
"after" the both (br-int/br-ex) openvswitches. Upgraded ovs to<br>
version 2.3 just fyi.<br>
</blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Cheers Chris<br>
</blockquote></blockquote>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
-----Original Message----- From: <a href="mailto:rdo-list-bounces@redhat.com" target="_blank">rdo-list-bounces@redhat.com</a><br>
[mailto:<a href="mailto:rdo-list-bounces@redhat.com" target="_blank">rdo-list-bounces@<u></u>redhat.com</a>] On Behalf Of Ihar<br>
</blockquote></blockquote></blockquote>
Hrachyshka<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Sent: Wednesday, October 29, 2014 16:51 To:<br>
<a href="mailto:rdo-list@redhat.com" target="_blank">rdo-list@redhat.com</a> Subject: Re: [Rdo-list] Compute Node<br>
</blockquote></blockquote></blockquote>
without<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
firewall (iptables) and Linux bridge<br>
</blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 29/10/14 09:33, Chris wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello<br>
</blockquote></blockquote></blockquote>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I'm looking for a way to disable any firewall feature in one<br>
</blockquote></blockquote></blockquote></blockquote>
of our<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
compute nodes and prevent the creation of the Linux bridge in<br>
</blockquote></blockquote></blockquote></blockquote>
the<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
data path inside of this compute node.<br>
</blockquote></blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Can you elaborate on reasons to disable it? Of course it sounds<br>
</blockquote></blockquote></blockquote>
a<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
bit not optimal, but do you have any performance concerns that<br>
</blockquote></blockquote></blockquote>
you<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
try to address in this way?<br>
</blockquote></blockquote>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
We are using the RDO Icehouse release.<br>
</blockquote></blockquote></blockquote>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Here is the configuration in the compute node:<br>
</blockquote></blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
#/etc/neutron/plugin.ini<br>
</blockquote></blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
[securitygroup]<br>
</blockquote></blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
#firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver<br>
</blockquote></blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  firewall_driver = neutron.agent.firewall.<u></u>NoopFirewall<br>
</blockquote></blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
# enable_security_group = True<br>
</blockquote></blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
enable_security_group = False<br>
</blockquote></blockquote></blockquote>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
#/etc/nova/nova.conf<br>
</blockquote></blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
firewall_driver = nova.virt.firewall.<u></u>NoopFirewallDriver<br>
</blockquote></blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
#security_group_api = neutron<br>
</blockquote></blockquote></blockquote>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
#/etc/neutron/plugins/<u></u>openvswitch/ovs_neutron_<u></u>plugin.ini<br>
</blockquote></blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
[securitygroup]<br>
</blockquote></blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
firewall_driver = neutron.agent.firewall.<u></u>NoopFirewallDriver<br>
</blockquote></blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
enable_security_group = False<br>
</blockquote></blockquote></blockquote>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
The firewall seems to be disabled but the bridge and the<br>
</blockquote></blockquote></blockquote></blockquote>
interfaces<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
are still being created.<br>
</blockquote></blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I found an older post about it:<br>
<br>
</blockquote></blockquote></blockquote></blockquote>
<a href="http://lists.openstack.org/pipermail/openstack/2014-May/007079.html" target="_blank">http://lists.openstack.org/<u></u>pipermail/openstack/2014-May/<u></u>007079.html</a><br></div></div>
[4]<span class=""><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  But changing "portbindings.OVS_HYBRID_PLUG" from a<br>
</blockquote></blockquote></blockquote></blockquote>
hard-coded<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
"True" to "False" didn't change anything.<br>
</blockquote></blockquote></blockquote>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Please advise!<br>
</blockquote></blockquote></blockquote>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Cheers<br>
</blockquote></blockquote></blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Chris<br>
</blockquote></blockquote></blockquote>
<br>
<br>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
______________________________<u></u>_________________ Rdo-list<br>
</blockquote></blockquote></blockquote></blockquote>
mailing<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
list <a href="mailto:Rdo-list@redhat.com" target="_blank">Rdo-list@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/rdo-list" target="_blank">https://www.redhat.com/<u></u>mailman/listinfo/rdo-list</a> [5]<br>
</blockquote></blockquote></blockquote>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
</blockquote></blockquote>
<br>
<br>
<br>
<br>
<br>
</blockquote>
<span class=""><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
</blockquote>
<br>
</span>
</blockquote>
<br>
<br>
<br>
Links:<br>
------<br>
[1] <a href="https://review.openstack.org/#/c/104240/" target="_blank">https://review.openstack.org/#<u></u>/c/104240/</a><br>
[2] <a href="https://review.openstack.org/133421" target="_blank">https://review.openstack.org/<u></u>133421</a><br>
[3] <a href="https://review.openstack.org/132759" target="_blank">https://review.openstack.org/<u></u>132759</a><br>
[4] <a href="http://lists.openstack.org/pipermail/openstack/2014-May/007079.html" target="_blank">http://lists.openstack.org/<u></u>pipermail/openstack/2014-May/<u></u>007079.html</a><br>
[5] <a href="https://www.redhat.com/mailman/listinfo/rdo-list" target="_blank">https://www.redhat.com/<u></u>mailman/listinfo/rdo-list</a><br>
</blockquote>
</blockquote></div><br></div>
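<div>Added example (not from the thread and not neutron or nova code): a read-only audit a defender could run to spot compute nodes configured like the one quoted above, where nova defers filtering to neutron and neutron filters nothing. The file contents are transcribed from the configuration quoted in the thread; the [DEFAULT] header for nova.conf, the driver allow-list and the finding codes are assumptions of this example.</div>

```python
import configparser

# Driver class paths this example recognises (an assumed allow-list, not
# taken from the thread); any other value is reported as unrecognised.
FILTERING_DRIVERS = {
    "neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver",
    "neutron.agent.linux.iptables_firewall.IptablesFirewallDriver",
}
NOOP_DRIVERS = {
    "neutron.agent.firewall.NoopFirewallDriver",
    "nova.virt.firewall.NoopFirewallDriver",
}
FALSE_VALUES = {"false", "0", "no", "off"}

# Section that holds the firewall settings in each file.
SECTIONS = {
    "/etc/neutron/plugin.ini": "securitygroup",
    "/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini": "securitygroup",
    "/etc/nova/nova.conf": "DEFAULT",  # section header assumed, not in the thread
}

# Constructed sample: values copied from the configuration quoted in the thread.
SAMPLE_FILES = {
    "/etc/neutron/plugin.ini": """
[securitygroup]
#firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
firewall_driver = neutron.agent.firewall.NoopFirewall
# enable_security_group = True
enable_security_group = False
""",
    "/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini": """
[securitygroup]
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
enable_security_group = False
""",
    "/etc/nova/nova.conf": """
[DEFAULT]
firewall_driver = nova.virt.firewall.NoopFirewallDriver
#security_group_api = neutron
""",
}


def read_settings(text, section):
    """Return (firewall_driver or None, security groups on: True/False/None)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    driver = cp.get(section, "firewall_driver", fallback=None)
    raw = cp.get(section, "enable_security_group", fallback=None)
    sg_on = None if raw is None else raw.strip().lower() not in FALSE_VALUES
    return (driver.strip() if driver else None), sg_on


def audit_node(files):
    """Return a list of (where, code, detail) findings for one compute node."""
    findings, neutron_drivers = [], set()
    nova_driver, enforcing = None, False
    for path, text in sorted(files.items()):
        driver, sg_on = read_settings(text, SECTIONS[path])
        if "/nova/" in path:
            # A no-op driver here is normal when neutron does the filtering,
            # so it only matters in combination with the neutron settings.
            nova_driver = driver
            continue
        if driver:
            neutron_drivers.add(driver)
        if driver in NOOP_DRIVERS:
            findings.append((path, "NOOP_DRIVER", driver))
        elif driver is not None and driver not in FILTERING_DRIVERS:
            findings.append((path, "UNKNOWN_DRIVER", driver))
        if sg_on is False:
            findings.append((path, "SG_DISABLED", "enable_security_group = False"))
        if driver in FILTERING_DRIVERS and sg_on is not False:
            enforcing = True
    if len(neutron_drivers) > 1:
        findings.append(("node", "DRIVER_MISMATCH", ", ".join(sorted(neutron_drivers))))
    if nova_driver in NOOP_DRIVERS and not enforcing:
        findings.append(("node", "NO_HOST_FILTERING",
                         "nova defers to neutron and no neutron file enables filtering"))
    return findings


if __name__ == "__main__":
    for where, code, detail in audit_node(SAMPLE_FILES):
        print("%-18s %s: %s" % (code, where, detail))
```

A node that reports NO_HOST_FILTERING depends entirely on upstream controls such as the hardware firewalls mentioned in the thread, so it is worth tracking in inventory.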