On 3/7/13 12:22 AM, "Dave Cahill" <dcah...@midokura.com> wrote:
>Hi Chiradeep, > >Thanks for jumping in, great to get feedback on this one. > >However, SecurityGroups are handled by SecurityGroupManagerImpl, which >simply sends a Command to the agent without checking for, or calling >into, a SecurityGroupsProvider. In other words, it's not pluggable. > >That's the background for why we're interested in pluggability for the >service. Yes, it should be pluggable, but it isn't currently. Patches welcome. > >Our second question was aimed at checking our understanding of >Anthony's response: "as for SG enabled shared network, current plan is >only support Virtual Router as service provider". It sounds like this >would make all of the other Providers (external ones like F5 as well >as virtual ones like Nicira) unusable in a SG-enabled Advanced Shared >network, but we wanted to double-check that. I don't see anything in the code that would preclude that. I think given the scope of testing with myriad providers, he was merely stating that he would vouch for it working with the virtual router. > >Lastly we wanted to understand timelines. The last comment on >CLOUDSTACK-737 shows the feature being reverted, so we were wondering >when it's aimed for master, and also to understand when Security >Groups on Advanced Isolated mode is scheduled to hit master. As I said, there's hypervisor-level issues being sorted out. I'll let Anthony reply on that one. >
