Hi, On IRC Yair Fried reminded me that we have not yet solved the issue around security groups not enforced on the gate. An accurate report of the current status is here [1] And it seems there is some consensus around using the additional port binding parameters for security groups (lp: [2] and gerrit: [3]) to solve this issue and ensure the hybrid driver is used again by nova when neutron security groups are enforced via iptables. I know that Amir Sadoughi and other are working on a ovs-based implementation of security group which will make the hybrid driver unnecessary; however, since I'm not up to date about the progress on this feature, I think we should strive to solve this issue, which at the end of the day is probably just a configuration issue, as soon as possible. The gerrit patch has not received a review in 3 weeks, so perhaps it's time to give it some more attention. Regards, Salvatore [1] https://bugs.launchpad.net/devstack/+bug/1252620 [2] https://bugs.launchpad.net/nova/+bug/1112912 [3] https://review.openstack.org/#/c/21946/ -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140105/92c480d9/attachment.html>