On 25 April 2016 at 11:20, Rubab Syed <rubab.syed21 at gmail.com> wrote:

> Hi folks,
>
> I'm writing a plugin for Monasca to monitor traffic at layer 3. My Neutron
> backend is OVS and I'm using iptables of network namespaces for getting
> traffic counters. Would the following rules in router namespace cover all
> the traffic at layer 3 per router per tenant?
>
> - Chain MONASCA-INPUT in filter table
>     - src: anywhere dest: gateway port IP // north-south traffic for
>       SNATed and FIPs
>
> - Chain MONASCA-FORWARD in filter table
>     - src: anywhere dest: anywhere // east-west traffic
>       inter-network and intra-network
>
> - Chain MONASCA-OUTPUT in filter table
>     - src: gateway port dest: anywhere // north-south traffic from
>       VMs to public network
>
>
> Would these be sufficient or am I missing something?
>

Have you looked at the iptables driver already available in Neutron [1]?
That should give enough pointers.

[1] https://github.com/openstack/neutron/blob/master/neutron/services/metering/drivers/iptables/iptables_driver.py

>
> Thanks!
>
> Rubab
>
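
Added example, not part of the original thread and not code from Neutron's metering driver: one way to read the per-chain counters the question describes from `iptables-save -c` output. The MONASCA-* chain names come from the question; the sample output, the rules under each chain, the addresses and the counter values are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `iptables-save -c -t filter` output from a router
# namespace. Chain names follow the question; rules and values are invented.
SAMPLE = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [120:9800]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [75:6100]
:MONASCA-INPUT - [0:0]
:MONASCA-FORWARD - [0:0]
:MONASCA-OUTPUT - [0:0]
[120:9800] -A INPUT -j MONASCA-INPUT
[900:1250000] -A FORWARD -j MONASCA-FORWARD
[75:6100] -A OUTPUT -j MONASCA-OUTPUT
[40:3200] -A MONASCA-INPUT -d 203.0.113.10/32 -j RETURN
[600:800000] -A MONASCA-FORWARD -s 10.0.1.0/24 -j RETURN
[300:450000] -A MONASCA-FORWARD -j RETURN
[75:6100] -A MONASCA-OUTPUT -s 203.0.113.10/32 -j RETURN
COMMIT
"""

# A rule line with counters looks like: [packets:bytes] -A CHAIN <match> -j TARGET
RULE = re.compile(r"^\[(\d+):(\d+)\]\s+-A\s+(\S+)\s")

def chain_counters(save_output, prefix="MONASCA-"):
    """Sum rule counters per filter-table chain whose name starts with prefix."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0})
    table = None
    for line in save_output.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. "*filter"
            table = line[1:]
            continue
        if table != "filter":             # ignore nat/mangle/raw sections
            continue
        m = RULE.match(line)
        if m and m.group(3).startswith(prefix):
            totals[m.group(3)]["packets"] += int(m.group(1))
            totals[m.group(3)]["bytes"] += int(m.group(2))
    return dict(totals)

if __name__ == "__main__":
    for chain, c in sorted(chain_counters(SAMPLE).items()):
        print(f"{chain}: {c['packets']} packets, {c['bytes']} bytes")
```

On a network node the input would come from running `iptables-save -c -t filter` inside the router namespace with `ip netns exec`.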