On Fri, Oct 31, 2014 at 10:09 AM, Gurucharan Shetty <shet...@nicira.com> wrote:
> On Thu, Oct 30, 2014 at 11:55 PM, FengYu LeiDian
> <fengyuleidian0...@gmail.com> wrote:
>> Hi, all
>>
>> Standard openstack has a Linux bridge on top of openvswitch bridge[1]
>> this Linux bridge is used to set up iptables rules to allow VM access
>> to the outside world, for example, allow VM port 22 access, so external
>> host could ssh to this VM.
>>
>> Can openvswitch bridge have the same mechanism to be allowed to set rules
>> as the same effort as that of iptables linux bridge?
> Yes. The controller that you use should be capable of adding openflow
> rules to do it.
>

That's not entirely true. We can't fully implement security groups
using OVS until we get this work [1] in. There was work to do security
groups using OpenFlow during the Icehouse/Juno timeframe, but the team
doing the work determined they could only do 70% of what the existing
SGs with iptables can do, so they've scrapped it until the work I
referenced is upstream and then back downstream into the distros.

Thanks,
Kyle

[1] http://openvswitch.org/pipermail/dev/2014-May/040567.html

>>
>>
>> Thanks
>>
>> [1]:
>> http://docs.openstack.org/admin-guide-cloud/content/figures/14/a/a/common/figures/under-the-hood-scenario-1-ovs-compute.png
>>
>>
>> _______________________________________________
>> discuss mailing list
>> discuss@openvswitch.org
>> http://openvswitch.org/mailman/listinfo/discuss