Hi, your proposals make sense. Having the firewall driver configuring so much things looks pretty stange. Enabling security group should be a plugin/MD decision, not a driver decision.
For ML2, in a first implementation, having vif security based on vif_type looks good too. Once OVSfirewallDriver will be available, the firewall drivers that the operator wants to use should be in a MD config file/section and ovs MD could bind one of the firewall driver during port_create/update/get. Best, Mathieu On Wed, Jan 15, 2014 at 6:29 PM, Nachi Ueno <[email protected]> wrote: > Hi folks > > Security group for OVS agent (ovs plugin or ML2) is being broken. > so we need vif_security port binding to fix this > (https://review.openstack.org/#/c/21946/) > > We got discussed about the architecture for ML2 on ML2 weekly meetings, and > I wanna continue discussion in here. > > Here is my proposal for how to fix it. > > https://docs.google.com/presentation/d/1ktF7NOFY_0cBAhfqE4XjxVG9yyl88RU_w9JcNiOukzI/edit#slide=id.p > > Best > Nachi > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
