[Openstack] xcp+quantum+vlans= not working security groups
Dan Wendlandt
dan at nicira.com
Mon May 14 17:27:51 UTC 2012
Hi Roman,
On Mon, May 14, 2012 at 4:54 AM, Roman Sokolkov <rsokolkov at gmail.com> wrote:
> Hello,folks!
>
> We use XCP + quantum + tenant vlans . One XCP box and one Ubuntu 12.04
> box(controller). Nova-compute host it is domU on XCP. Boxes connected with
> patch-cord and we able to use VLANs inside.
>
> There are problems with security groups. They not work at all.
>
> We
> use firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver.
> And I see expected iptables rules on Dom0, but without any profit. As I
> understand iptables couldn't work with L2 openvswitch traffic?
>
Nova's existing security group implementation isn't compatible with all
Quantum plugins, as Quantum plugins can use different technologies to
implement packet filtering. In Folsom-2, we're targeting a security groups
framework within Quantum that will let Quantum plugins provide their own
security group implementations (including, but not limited to using
iptables).
Dan
>
> --
> Regards, Roman Sokolkov
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dan Wendlandt
Nicira, Inc: www.nicira.com
twitter: danwendlandt
~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120514/0568e506/attachment.html>
More information about the Openstack
mailing list