[openstack-dev] [neutron]Performance of security group

shihanzhang ayshihanzhang at 126.com
Thu Jun 19 02:44:29 UTC 2014


Hello all,


Neutron currently uses iptables to implement security groups, but the performance of this implementation is very poor. There is a bug, https://bugs.launchpad.net/neutron/+bug/1302272, that reflects this problem. In his test, with default security groups (which have a remote security group), beyond 250-300 VMs there were around 6k iptables rules on every compute node. Although his patch can reduce the processing time, it doesn't solve this problem fundamentally. I have committed a BP to solve this problem: https://blueprints.launchpad.net/neutron/+spec/add-ipset-to-security
Are there other people interested in this?
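
A simplified model of the rule growth described in the message above, as an added example that is not part of the original post and not Neutron's code. It assumes one ACCEPT rule per remote-group member in each local port's chain; the chain names, set name, addresses and counts are constructed.

```python
from ipaddress import ip_address

def member_ips(n, base="10.0.0.2"):
    """Constructed sample data: n member addresses of one security group."""
    first = ip_address(base)
    return [str(first + i) for i in range(n)]

def plain_rules(ports, members):
    """Plain iptables model: every local port chain lists every member IP."""
    # sg-in-<port> is a hypothetical chain name used only for this illustration.
    return [f"-A sg-in-{p} -s {ip}/32 -j ACCEPT" for p in ports for ip in members]

def ipset_rules(ports, members, set_name="sg-default-v4"):
    """ipset model: members live in one kernel set, each chain has one match rule."""
    setup = [f"ipset create {set_name} hash:ip"]
    setup += [f"ipset add {set_name} {ip}" for ip in members]
    rules = [f"-A sg-in-{p} -m set --match-set {set_name} src -j ACCEPT"
             for p in ports]
    return setup, rules

def updates_on_join(ports, new_ip, set_name="sg-default-v4"):
    """Commands needed on one compute node when a VM joins the remote group."""
    plain = [f"-A sg-in-{p} -s {new_ip}/32 -j ACCEPT" for p in ports]
    with_set = [f"ipset add {set_name} {new_ip}"]
    return plain, with_set

if __name__ == "__main__":
    ports = [f"port{i}" for i in range(20)]   # constructed: 20 local VM ports
    members = member_ips(300)                 # constructed: 300 group members
    plain = plain_rules(ports, members)
    setup, rules = ipset_rules(ports, members)
    print("plain iptables rules on the node:", len(plain))
    print("ipset entries:", len(setup) - 1, "iptables rules:", len(rules))
    join_plain, join_set = updates_on_join(ports, "10.0.2.10")
    print("rule changes when one VM joins:", len(join_plain), "vs", len(join_set))
```

In this model the plain ruleset grows with ports times members and every membership change touches every port chain, while with a set the filter rules stay fixed and only the set contents change.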