Bug 1042408

Summary: [RFE][neutron]: Open vSwitch-based Security Groups: Open vSwitch Implementation of FirewallDriver
Product: Red Hat OpenStack Reporter: RHOS Integration <rhos-integ>
Component: openstack-neutronAssignee: Miguel Angel Ajo <mangelajo>
Status: CLOSED UPSTREAM QA Contact: Ofer Blaut <oblaut>
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: chrisw, lpeer, majopela, mangelajo, marius.borze, markmc, mschuppe, myllynen, nyechiel, oblaut, yeylon
Target Milestone: ---Keywords: FutureFeature, Triaged
Target Release: 8.0 (Liberty)Flags: majopela: needinfo-
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/neutron/+spec/ovs-firewall-driver
Whiteboard: upstream_milestone_next upstream_status_deferred upstream_definition_obsolete
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-09-24 10:48:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 799011, 1038706    

Description RHOS Integration 2013-12-12 22:10:38 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/neutron/+spec/ovs-firewall-driver.

Description:

Purpose: To support the security groups extension in the OVS neutron agent through OVS flows using the existing OVS library with feature parity to the existing iptables-based implementations. In Icehouse, the existing openvswitch plugin is being deprecated, so the blueprint is compatible with the ML2 plugin with the openvswitch mechanism driver.

Current neutron.agent.firewall.FirewallDriver implementations are based off of iptables (neutron/agent/linux/iptables_firewall.py: IptablesFirewallDriver, OVSHybridIptablesFirewallDriver). This blueprint describes implementing a FirewallDriver sub-class with Open vSwitch.

Specification URL (additional information):

None
Comment 2 lpeer 2014-02-12 08:18:01 UTC 
Postponed in u/s because the ovs feature required for this bp (tcp_flags in OVS 2.1.x) won't be shipped in time for icehouse.
Comment 3 Nir Yechiel 2014-07-15 11:48:39 UTC 
Updating based on u/s status
Comment 7 Nir Yechiel 2015-09-24 10:48:19 UTC 
This was originally cloned from the upstream blueprint and the blueprint was not implemented yet in upstream as of Liberty. Closing for now as there is no special reason to track it on Red Hat bugzilla.