<div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div><span style="font-family: tahoma, sans-serif; line-height: 21.203636169433594px;">Hello all,</span></div><div><span style="font-family: tahoma, sans-serif; line-height: 21.203636169433594px;"><br></span></div><div><span style="font-family: tahoma, sans-serif; line-height: 21.203636169433594px;">Now in neutron, it use iptable </span><font face="tahoma, sans-serif"><span style="line-height: 21.203636169433594px;">implementing security group, but the performance of this  implementation is very poor, there is a bug:</span><a href="https://bugs.launchpad.net/neutron/+bug/1302272" _src="https://bugs.launchpad.net/neutron/+bug/1302272" style="line-height: 21.203636169433594px;">https://bugs.launchpad.net/neutron/+bug/1302272</a><span style="line-height: 21.203636169433594px;"> to reflect this problem. In his test, w</span><span style="line-height: 21.203636169433594px;">ith default security groups(which has remote security group), beyond 250-300 VMs, there were around 6k Iptable rules on evry compute node, although his patch can reduce the processing time, but it don't solve this problem fundamentally. I have commit a BP to </span></font><span style="font-family: tahoma, sans-serif; line-height: 21.203636169433594px; font-size: 14px;">solve this problem:</span><font face="tahoma, sans-serif"><span style="line-height: 21.203636169433594px;"><a href="https://blueprints.launchpad.net/neutron/+spec/add-ipset-to-security," _src="https://blueprints.launchpad.net/neutron/+spec/add-ipset-to-security,">https://blueprints.launchpad.net/neutron/+spec/add-ipset-to-security</a> </span></font></div><div><font face="tahoma, sans-serif"><span style="line-height: 21.203636169433594px;">There are other people interested in this it?</span></font></div></div><br><br><span title="neteasefooter"><span id="netease_mail_footer"></span></span>