Hello, netstack gurus!

I have a problem with iptables filtering on XCP. We use two physical boxes: XCP (with domU compute) and Ubuntu 12.04 (controller). They are connected by a patch cord, so we can use internal VLANs. We use Quantum.

nova-compute creates the expected iptables rules on dom0, but they have no effect. This is because traffic between VMs goes inside OVS and doesn't touch the IP stack of the host system. Security groups do not work at all :(

I think using the OVS OpenFlow implementation is the best solution.

In this blueprint (http://wiki.openstack.org/xenapi-security-groups) OpenFlow security groups are not implemented.

> R2B. XS/XCP uses Open vSwitch networking stack, security groups are
> configured through flow tables in Open vSwitch

and security groups are still configured through iptables.

> R2A. XS/XCP uses Open vSwitch networking stack, security groups still
> configured through iptables

Is it a temporary and non-working solution, or maybe it works but requires additional configuration?

Many thanks.

--
Regards,
Roman Sokolkov