Hello all, Now in neutron, it use iptable implementing security group, but the performance of this implementation is very poor, there is a bug:https://bugs.launchpad.net/neutron/+bug/1302272 to reflect this problem. In his test, with default security groups(which has remote security group), beyond 250-300 VMs, there were around 6k Iptable rules on evry compute node, although his patch can reduce the processing time, but it don't solve this problem fundamentally. I have commit a BP to solve this problem:https://blueprints.launchpad.net/neutron/+spec/add-ipset-to-security There are other people interested in this it? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140619/62b60c22/attachment.html>