[openstack-dev] [Neturon] firewall_driver and ML2 and vif_security discussion
Mathieu Rohon
mathieu.rohon at gmail.com
Thu Jan 16 09:43:14 UTC 2014
Hi,
your proposals make sense. Having the firewall driver configuring so
much things looks pretty stange.
Enabling security group should be a plugin/MD decision, not a driver decision.
For ML2, in a first implementation, having vif security based on
vif_type looks good too.
Once OVSfirewallDriver will be available, the firewall drivers that
the operator wants to use should be in a MD config file/section and
ovs MD could bind one of the firewall driver during
port_create/update/get.
Best,
Mathieu
On Wed, Jan 15, 2014 at 6:29 PM, Nachi Ueno <nachi at ntti3.com> wrote:
> Hi folks
>
> Security group for OVS agent (ovs plugin or ML2) is being broken.
> so we need vif_security port binding to fix this
> (https://review.openstack.org/#/c/21946/)
>
> We got discussed about the architecture for ML2 on ML2 weekly meetings, and
> I wanna continue discussion in here.
>
> Here is my proposal for how to fix it.
>
> https://docs.google.com/presentation/d/1ktF7NOFY_0cBAhfqE4XjxVG9yyl88RU_w9JcNiOukzI/edit#slide=id.p
>
> Best
> Nachi
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list