[Openstack-operators] Ocata security groups don't work with LBaaS v2 ports

Saverio Proto zioproto at gmail.com
Mon Mar 26 07:32:44 UTC 2018

Hello Ignazio,

it would interesting to know how this works. For instances ports,
those ports are created by openvswitch on the compute nodes, where the
neutron-agent will take care of the security groups enforcement (via
iptables or openvswitch rules).

the LBaaS is a namespace that lives where the neutron-lbaasv2-agent is running.

The question is if the neutron-lbaasv2-agent is capable for setting
iptables rules. I would start to read the code there.



2018-03-23 13:51 GMT+01:00 Ignazio Cassano <ignaziocassano at gmail.com>:
> Hi all,
> following the ocata documentation, I am trying to apply security group to a
> lbaas v2 port but
> it seems not working because any filter is applyed.
> The Port Security Enabled is True on lbaas port, so I expect applying
> security group should work.
> Is this a bug ?
> Regards
> Ignazio
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

More information about the OpenStack-operators mailing list