Security groups are stateful firewalls -- currently it is not possible to do stateful firewalling inside OVS (you could write a controller or buy one that does it however). KVM (linux v 3.2 onwards) now has the ability to chain OVS and bridge so technically it should be possible only on those hypervisors.
On 4/19/13 3:45 AM, "Venkata SwamyBabu Budumuru" <venkataswamybabu.budum...@citrix.com> wrote: >By mistake, hit the send button before writing the actual message > > >Looks like cloudstack + Xen only supports SecurityGroups with bridge as >backend. Can someone shed some light on the technical reasons behind we >we don't support it on OVS? > >Thanks, >SWAMY > >-----Original Message----- >From: Venkata SwamyBabu Budumuru >[mailto:venkataswamybabu.budum...@citrix.com] >Sent: Friday, 19 April 2013 3:56 PM >To: us...@cloudstack.apache.org; dev@cloudstack.apache.org >Subject: what are the technical reason for not supporting security groups >on ovs? > >Thanks, >SWAMY
