[openstack-dev] [neutron] Why neutron-openvswitch-agent use linux-bridge?

Collins, Sean (Contractor) Sean_Collins2 at cable.comcast.com
Wed Nov 27 19:40:27 UTC 2013

On Wed, Nov 27, 2013 at 09:29:16PM +0200, George Shuklin wrote:
> Why iptables, not internal openvswitch flow rules? Those rules allows to
> filter packets on L2-L4 headers and operates very fast. Is some
> iptables-only features used in ovs-agent?

I've seen a couple references floating around about a Security Group
driver, implemented using OpenFlow[1] as well as some mailing list
discussions[2]. Perhaps it is time for a blueprint to be registered?  

[1] https://wiki.openstack.org/wiki/Neutron/SecurityGroups#Implementations
[2] http://openstack.markmail.org/thread/gxzb2opgm7mvb7h4

Sean M. Collins

More information about the OpenStack-dev mailing list