Bug 1905118 - [TestOnly] Stateless security groups
Summary: [TestOnly] Stateless security groups
Keywords:
Status: CLOSED COMPLETED
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-networking-ovn
Version: 17.0 (Wallaby)
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ga
Target Release: 17.1
Assignee: OSP Team
QA Contact: Eran Kuris
URL:
Whiteboard:
Depends On: 1827598
Blocks:
Reported: 2020-12-07 15:17 UTC by Karrar Fida
Modified: 2024-04-10 04:25 UTC (History)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of: 1827598
Environment:
Last Closed: 2023-12-11 07:38:32 UTC
Target Upstream Version:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker NFV-1913 0 None None None 2022-01-06 14:45:48 UTC
Red Hat Issue Tracker OSP-1393 0 None None None 2021-11-18 15:10:10 UTC

Comment 1 Sanjay Upadhyay 2021-06-24 07:57:03 UTC
It is not clear what the feature is and what needs to be tested. We would need more details. A conditional ack is provided for now.

Comment 2 Ihar Hrachyshka 2021-07-29 21:09:32 UTC
This feature is to support stateless ACL rules for OSP17+ and OVN. This is achieved by setting stateless=True for a security group. In that case, SG rules that belong to the group will be stateless (no connection tracking enabled). It should save some CPU cycles since conntrack tables are omitted. We expect to see somewhere around 10-15% bandwidth and latency savings, depending on protocol and scenario. Both stateful and stateless rules can be defined for a port (in OSP context they would have to belong to different SGs). All stateless rules take precedence over stateful rules (it's an implementation detail).

Some info on neutron API here: https://docs.openstack.org/api-ref/network/v2/#stateful-security-groups-extension-stateful-security-group

This should now be available in OSP17. This should probably be moved to ON_QA, but I will let the assignee do it.
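
Added example, not part of the bug comments and not Neutron or OVN code: a simplified Python model of the behaviour Comment 2 describes, where stateless rules skip connection tracking and take precedence over stateful ones. The class names, return strings and sample ports are assumptions for illustration; it shows that an untracked outbound flow gets no automatic reply path, and that a stateless ingress rule opened for replies also admits unrelated inbound packets.

```python
# Simplified model (an assumption), not the Neutron/OVN implementation.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str            # "ingress" or "egress", relative to the port
    proto: str
    ports: Optional[range]    # destination ports; None = any
    stateful: bool            # inherited from the owning security group

@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src_port: int
    dst_port: int
    def flow(self):           # same key for both directions: (proto, local, remote)
        a, b = self.src_port, self.dst_port
        return (self.proto, b, a) if self.direction == "ingress" else (self.proto, a, b)

class Port:
    def __init__(self, rules):
        self.rules = list(rules)
        self.conntrack = set()    # flows committed by stateful rules only
    def evaluate(self, pkt):
        hits = [r for r in self.rules
                if r.direction == pkt.direction and r.proto == pkt.proto
                and (r.ports is None or pkt.dst_port in r.ports)]
        if any(not r.stateful for r in hits):
            return "allow-stateless"   # precedence: conntrack skipped, nothing recorded
        if pkt.flow() in self.conntrack:
            return "allow-established"
        if hits:
            self.conntrack.add(pkt.flow())
            return "allow-new"
        return "drop"

def demo():  # every packet and rule below is a constructed sample value
    out = Packet("egress", "tcp", 40000, 443)        # VM opens an HTTPS connection
    reply = Packet("ingress", "tcp", 443, 40000)     # the server's answer
    probe = Packet("ingress", "tcp", 55555, 40000)   # unrelated inbound packet
    egress_any = Rule("egress", "tcp", None, True)                  # stateful SG
    egress_443 = Rule("egress", "tcp", range(443, 444), False)      # stateless SG
    replies_in = Rule("ingress", "tcp", range(32768, 61000), False) # stateless SG
    ports = {"stateful": Port([egress_any]),
             "mixed": Port([egress_any, egress_443]),
             "mixed+reply-rule": Port([egress_any, egress_443, replies_in])}
    return {n: [p.evaluate(x) for x in (out, reply, probe)] for n, p in ports.items()}
```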

Comment 11 Gurpreet Singh 2022-10-19 02:31:35 UTC
Hi Eran

We will have to get this in 17.1 for Verizon as well. Going through their requirements, I see that they have explicitly listed it. To make their upgrade to 17.1 and OVN migration successful, we will have to support this.

If QE capacity is a challenge, we should escalate the concern now. 

Regards
Gurpreet

Comment 26 Red Hat Bugzilla 2024-04-10 04:25:02 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days

