[openstack-dev] [neutron]Performance of security group

Kevin Benton blak111 at gmail.com
Thu Jun 19 02:55:56 UTC 2014

This sounds like a good idea to handle some of the performance issues until
the ovs firewall can be implemented down the the line.
Do you have any performance comparisons?
On Jun 18, 2014 7:46 PM, "shihanzhang" <ayshihanzhang at 126.com> wrote:

> Hello all,
> Now in neutron, it use iptable implementing security group, but the
> performance of this  implementation is very poor, there is a bug:
> https://bugs.launchpad.net/neutron/+bug/1302272 to reflect this problem.
> In his test, with default security groups(which has remote security
> group), beyond 250-300 VMs, there were around 6k Iptable rules on evry
> compute node, although his patch can reduce the processing time, but it
> don't solve this problem fundamentally. I have commit a BP to solve this
> problem:
> https://blueprints.launchpad.net/neutron/+spec/add-ipset-to-security
> <https://blueprints.launchpad.net/neutron/+spec/add-ipset-to-security,>
> There are other people interested in this it?
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140618/26fb06fd/attachment.html>

More information about the OpenStack-dev mailing list