Hi all, I'm trying to use the Nova XenAPI driver with Neutron (Open vSwitch with VLAN). After many attempts, I managed to make it work using the NoopFirewallDriver firewall_driver for security groups (which means, well, no security). With the OVSHybridIptablesFirewallDriver driver, the OVS agent running on the compute node won't configure the flows on the OVS ports. I noticed that the XenAPI plugin [1] doesn't manage standard input which seems to be a blocker for running the iptables-save and iptables-restore commands [2]. Some work has been done in the past for nova-network [3] and I guess that something similar should be implemented for Neutron. Am I right? If yes, I'd be happy to open a bug (or blueprint?). Best regards, [1] https://github.com/openstack/neutron/blob/master/neutron/plugins/openvswitch/agent/xenapi/etc/xapi.d/plugins/netwrap [2] https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_manager.py#L346 [3] https://review.openstack.org/#/c/2071 -- Simon Pasquier Software Engineer Bull, Architect of an Open World Phone: + 33 4 76 29 71 49 http://www.bull.com