Open Stack

Hi all,

We're looking for a migration path to move from using Quantum + Nova's
iptables firewall, to purely Quantum + Firewall. We have successfully setup
Quantum's firewall to interact with Nova, and newly created instances on
our test node work great.

However, we are experiencing some issues with existing instances. There are
some unpredictable results, including complete loss of connectivity. One
way we have found to fix this is to migrate them to another host and then
back again. This reconfigures the firewall entirely, and seems to do
everything well.

The problem with this approach is that we cannot use nova's live-migration
due to our disk caching settings, so the instances must be powered down,
the database then updated, and the instance hard rebooted.

Has anyone performed this migration path? If so, any pointers?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20130829/461c98ee/attachment.html>