During Juno, we introduced the enhanced security groups rpc (security_groups_info_for_devices) instead of (security_group_rules_for_devices), and the ipset functionality to offload iptable chains a bit.
Here I propose to: 1) Remove the old security_group_info_for_devices, which was left to ease operators upgrade path from I to J (allowing running old openvswitch agents as we upgrade) Doing this we can cleanup the current iptables firewall driver a bit from unused code paths. I suppose this would require a major RPC version bump. 2) Remove the option to disable ipset (now it’s enabled by default and seems to be working without problems), and make it an standard way to handle “IP” groups from the iptables perspective. Thoughts?, Best regards, Miguel Ángel Ajo
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
