Hello all, We are iterating on a design document for Security Groups implementation in Dragonflow. [1] This design leverage the fact that Dragonflow distribute policy level abstraction to the local controllers and has Security Group as a first class citizen. The design tries to tackle the challenges of Security groups deployment at scale both for the data plane performance but also for the control plane performance (keeping the number of OVS flows to minimum - one per security rule and not needing to recompile security group flows on VMs additions/deletions/updates) You are also invited to read a blog post [2] i wrote about it, similar to the spec. We would like to hear your comments/ideas/opinions, please let us know if you find anything invalid in the proposed solution. Thanks Gal [1] https://review.openstack.org/#/c/261903/ [2] http://galsagie.github.io/sdn/openstack/ovs/dragonflow/2015/12/28/dragonflow-security-groups/ -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20151229/b1808c3c/attachment.html>