[neutron] Performance impact for attaching Security Group with more number of rules

Dhanasekar Kandasamy dhana.sys at gmail.com
Wed Jan 6 21:20:48 UTC 2021


We have an OpenStack Environment with 5000+ VMs running currently. I want
to apply some common Security Group to all my running VMs.

   - Common Security Group (SEC_GRP_COMMON) has around 700 rules.
   - This Security Group (SEC_GRP_COMMON) has been shared to all the
   OpenStack Projects using Role-Based Access Control (RBAC).
   - Wanted to apply this Security Group (SEC_GRP_COMMON) to all the
   running VMs in the Cloud

*Question 1*: With the above scenario, what will happen if I attach this
Security Group(with 700+ rules) to all the 5000+ VMs? Will there be any
performance issue/impact for the same (CPU utilization, Memory etc. in the
Compute Server or Performance issues in application running in the VMs)

*Question 2*: Is there any recommendations or benchmark data for maximum
number of rules in the Security Group in OpenStack cloud?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210107/55b589a2/attachment-0001.html>

More information about the openstack-discuss mailing list