firewall driver is per agent config. So it fine to have SR-IOV agent firewall as noop and OVS agent as ovs/hybrid.
-----Original Message----- From: GABRIEL OMAR GAMERO MONTENEGRO gabriel.gamero@pucp.edu.pe Sent: Tuesday, October 6, 2020 1:12 AM To: openstack-discuss@lists.openstack.org Subject: [neutron] Security groups with SR-IOV as a second ML2 mechanism driver
External email: Use caution opening links or attachments
Dear all,
I'm planning to use the SR-IOV Networking L2 Agent with another L2 Agent as Open vSwitch or Linux Bridge (a configuration with multiple ML2 mechanism drivers).
Does anybody know if I can use the Open vSwitch or Linux Bridge L2 agents with security group feature (implemented with iptables firewall driver or Native Open vSwitch firewall driver)? Or am I restricted to apply no security to my instances because SR-IOV L2 agent is being used as a second mechanism driver in the same OpenStack deployment?
Thanks in advance, Gabriel Gamero