Hello all,
Now in neutron, it use iptable implementing security group, but the performance
of this implementation is very poor, there is a
bug:https://bugs.launchpad.net/neutron/+bug/1302272 to reflect this problem. In
his test, with default security groups(which has remote security group), beyond
250-300 VMs, there were around 6k Iptable rules on evry compute node, although
his patch can reduce the processing time, but it don't solve this problem
fundamentally. I have commit a BP to solve this
problem:https://blueprints.launchpad.net/neutron/+spec/add-ipset-to-security
There are other people interested in this it?
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
