[ovs-discuss] conntrack with openvswitch

Justin Pettit jpettit at nicira.com
Thu Jan 29 20:48:34 UTC 2015


> On Jan 28, 2015, at 4:26 PM, Ashok Chippa <a.n.chippa at gmail.com> wrote:
> 
> Where can I find a working version of conntrack+openvswitch code?

Here's the latest version that's checked in:

	https://github.com/justinpettit/ovs/tree/conntrack

> And can someone please point me to a document explaining how to install conntrack with openvswitch? I have many questions on conntrack with openvswitch... 
> 
> Q1: What is the role of conntrackd in (conntrack+openvswitch)?

conntrackd is a userspace utility that deals with the conntrack kernel module.  It should work fine.

> Q2: Is the packet punted to ovs-vswitchd (along with ct_id?) and how does DPI fit into this?

Yes, the packet will be sent to ovs-vswitchd.  There are some slides from a presentation I gave at the OVS 2014 Fall Conference that describe the architecture:

	http://openvswitch.org/support/ovscon2014/17/1030-conntrack_nat.pdf

> Q3: Where are app_id, conntrack_mark stored? In the conntrack flow?

The connmark is stored in the conntrack entry.

> Q4: Where does the netfilter conntrack kernel module store the connection state? In the flow itself?

The conntrack kernel module maintains the connection state itself.

> Q5: When is openvswitch 2.4 coming out? Will it include conntrack and DPI?

We're planning to send the conntrack code to the kernel maintainers next week or the week after.  We'll most likely branch for 2.4 once it's (hopefully) accepted upstream, and it will probably take three or four weeks to test it.  I doubt DPI will arrive in 2.4.

> Q6: Will openvswitch 2.4 include documentation describing in detail the various components and their interactions?

The documentation will describe the API for interfacing with conntrack, but I don't think there will be an architectural description beyond something like the slides I mentioned earlier.

--Justin
