On Fri, Oct 31, 2014 at 8:19 AM, Kyle Mestery <mest...@mestery.com> wrote:
> On Fri, Oct 31, 2014 at 10:09 AM, Gurucharan Shetty <shet...@nicira.com>
> wrote:
>> On Thu, Oct 30, 2014 at 11:55 PM, FengYu LeiDian
>> <fengyuleidian0...@gmail.com> wrote:
>>> Hi, all
>>>
>>> Standard openstack has a Linux bridge on top of openvswitch bridge[1]
>>> this Linux bridge is used to set up iptables rule to allow VM access
>>> to the outside world, for example, allow VM port 22 access, so external
>>> host could ssh to this VM.
>>>
>>> Can openvswitch bridge have the same mechanism to be allowed to set rules
>>> as the same effort as that of iptables linux bridge?
>> Yes. The controller that you use should be capable of adding openflow
>> rules to do it.
>>
> That's not entirely true. We can't fully implement security groups
> using OVS until we get this work [1] in. There was work to do security
> groups using OpenFlow during the Icehouse/Juno timeframe, but the team
> doing the work determined they could only do 70% of what the existing
> SGs with iptables can do, so they've scrapped it until the work I
> referenced is upstream and then back downstream into the distros.

I see, thanks for correcting me. So "security group" in openstack
includes support for stateful firewall?
>
> Thanks,
> Kyle
>
> [1] http://openvswitch.org/pipermail/dev/2014-May/040567.html
>
>>>
>>> Thanks
>>>
>>> [1]:
>>> http://docs.openstack.org/admin-guide-cloud/content/figures/14/a/a/common/figures/under-the-hood-scenario-1-ovs-compute.png
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss