Hi Salvatore, It hit me that there is an additional problem with implementing security groups using OVS: security groups are stateful firewalls, but there seems to be no obvious way to program a stateful firewall into OVS (unless you write a conntrack process that maintains the state with additional rules).
-- Chiradeep On 6/19/12 7:52 PM, "Salvatore Orlando" <[email protected]> wrote: >Hi, > >I've put together - actually I'm still finishing it - a potential list of >improvements for the Open vSwitch tunnel manager. >It is available on the cloudstack wiki at [1]. >Your feedback, as usual, is more than welcome! Please feel free to add >more items to the list! > >Regards, >Salvatore > >[1] >http://wiki.cloudstack.org/display/RelOps/Open+vSwitch+tunnel+manager+impr >ovements
