<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 25 April 2016 at 11:20, Rubab Syed <span dir="ltr"><<a href="mailto:rubab.syed21@gmail.com" target="_blank">rubab.syed21@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Hi folks,<div><br></div><div>I'm writing a plugin for Monasca to monitor traffic at layer 3. My Neutron backend is OVS and I'm using iptables of network namespaces for getting traffic counters. Would the following rules in router namespace cover all the traffic at layer 3 per router per tenant?</div><div><br></div><div>- Chain MONASCA-INPUT in filter table<br></div><div>   - src: anywhere     dest: gateway port IP   // north-south traffic for SNATed and FIPs</div><div><br></div><div>- Chain MONASCA-FORWARD in filter table</div><div>  - src: anywhere       dest: anywhere          // east-west traffic inter-network and intra-network</div><div><br></div><div>- Chain MONASCA-OUTPUT in filter table</div><div>  - src: gateway port     dest: anywhere      // north-south traffic from VMs to public network</div><div><br></div><div><br></div><div>Would these be sufficient or am I missing something?</div></div></blockquote><div><br></div><div>Have you looked at the iptables driver already available in Neutron [1]? That should give enough pointers.</div><div><br></div><div>[1] <a href="https://github.com/openstack/neutron/blob/master/neutron/services/metering/drivers/iptables/iptables_driver.py">https://github.com/openstack/neutron/blob/master/neutron/services/metering/drivers/iptables/iptables_driver.py</a></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div><br></div><div>Thanks!</div><span class=""><font color="#888888"><div><br></div><div>Rubab</div></font></span></div>
<br>__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div></div>