This sounds like a good idea to handle some of the performance issues until the ovs firewall can be implemented down the the line. Do you have any performance comparisons? On Jun 18, 2014 7:46 PM, "shihanzhang" <[email protected]> wrote:
> Hello all, > > Now in neutron, it use iptable implementing security group, but the > performance of this implementation is very poor, there is a bug: > https://bugs.launchpad.net/neutron/+bug/1302272 to reflect this problem. > In his test, with default security groups(which has remote security > group), beyond 250-300 VMs, there were around 6k Iptable rules on evry > compute node, although his patch can reduce the processing time, but it > don't solve this problem fundamentally. I have commit a BP to solve this > problem: > https://blueprints.launchpad.net/neutron/+spec/add-ipset-to-security > <https://blueprints.launchpad.net/neutron/+spec/add-ipset-to-security,> > There are other people interested in this it? > > > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
