Hi Roman, On Mon, May 14, 2012 at 4:54 AM, Roman Sokolkov <rsokol...@gmail.com> wrote:
> Hello,folks! > > We use XCP + quantum + tenant vlans . One XCP box and one Ubuntu 12.04 > box(controller). Nova-compute host it is domU on XCP. Boxes connected with > patch-cord and we able to use VLANs inside. > > There are problems with security groups. They not work at all. > > We > use firewall_driver=nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver. > And I see expected iptables rules on Dom0, but without any profit. As I > understand iptables couldn't work with L2 openvswitch traffic? > Nova's existing security group implementation isn't compatible with all Quantum plugins, as Quantum plugins can use different technologies to implement packet filtering. In Folsom-2, we're targeting a security groups framework within Quantum that will let Quantum plugins provide their own security group implementations (including, but not limited to using iptables). Dan > > -- > Regards, Roman Sokolkov > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Dan Wendlandt Nicira, Inc: www.nicira.com twitter: danwendlandt ~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
