+1 for an answer to this. The reference documentation suggests running Neutron OVS with a total of 6 software switches between the VM and public NAT addresses. [1] What are the performances differences folks see with this configuration vs. the 2 software switch configuration for linux bridge?
[1] http://docs.openstack.org/grizzly/openstack-network/admin/content/under_the_hood_openvswitch.html#d6e1178 On Tue, Sep 3, 2013 at 8:34 AM, Lorin Hochstein <[email protected]>wrote: > (Also asked at > https://ask.openstack.org/en/question/4718/security-groups-with-ovs-instead-of-iptables/ > ) > > The only security group implementations in neutron seem to be > iptables-based. Is it technically possible to implement security groups > using openvswitch flow rules, instead of iptables rules? > > It seems like this would cut down on the complexity associated with the > current OVSHybridIptablesFirewallDriver implementation, where we need to > create an extra linux bridge and veth pair to work around the > iptables-openvswitch issues. (This also breaks if the user happens to > install the openvswitch brcompat module). > > Lorin > -- > Lorin Hochstein > Lead Architect - Cloud Services > Nimbis Services, Inc. > www.nimbisservices.com > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
