Re: [Discuss] Apply rules on Virtual Router

2013-07-25 Thread Kelven Yang
slowness comes from that for very changed rule, we will have a round-trip cost of sending/executing command from management server to resource. +1 to write ruleset to a file, and if we do complete ruleset rewrite, restarting VR could also be improved (we don't need to refresh rules one by one, we

Re: [Discuss] Apply rules on Virtual Router

2013-07-23 Thread Wei ZHOU
ttal [mailto:chiradeep.vit...@citrix.com] > > > Sent: Tuesday, July 23, 2013 5:08 AM > > > To: dev@cloudstack.apache.org > > > Cc: Nguyen Anh Tu > > > Subject: Re: [Discuss] Apply rules on Virtual Router > > > > > > It is quite hard to do

Re: [Discuss] Apply rules on Virtual Router

2013-07-23 Thread Nguyen Anh Tu
ff and apply the difference? > > --Alex > > > -Original Message- > > From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com] > > Sent: Tuesday, July 23, 2013 5:08 AM > > To: dev@cloudstack.apache.org > > Cc: Nguyen Anh Tu > > Subject: Re: [D

RE: [Discuss] Apply rules on Virtual Router

2013-07-23 Thread Alex Huang
ix.com] > Sent: Tuesday, July 23, 2013 5:08 AM > To: dev@cloudstack.apache.org > Cc: Nguyen Anh Tu > Subject: Re: [Discuss] Apply rules on Virtual Router > > It is quite hard to do a delta update correctly, so a complete rewrite of the > ruleset is the safest way to do it. Not sur

Re: [Discuss] Apply rules on Virtual Router

2013-07-23 Thread Chiradeep Vittal
It is quite hard to do a delta update correctly, so a complete rewrite of the ruleset is the safest way to do it. Not sure why it is "slow", but I'd compare it to the time taken to start a VM. One way to make it slightly faster is to write the ruleset to a file and use iptables-restore from the fil

Re: [Discuss] Apply rules on Virtual Router

2013-07-23 Thread Prasanna Santhanam
On Mon, Jul 22, 2013 at 08:52:34PM +0700, Nguyen Anh Tu wrote: > > While working with L3 network services, I found a problem in the process of > applying iptables rules. It currently works not good in my opinion. When > you apply a new rule (eg. StaticNat or Egress rule), Virtual Router backups >

Re: [Discuss] Apply rules on Virtual Router

2013-07-23 Thread Nguyen Anh Tu
Anyone? 2013/7/22 Nguyen Anh Tu > Hi guys, > > While working with L3 network services, I found a problem in the process > of applying iptables rules. It currently works not good in my opinion. When > you apply a new rule (eg. StaticNat or Egress rule), Virtual Router backups > old rules and re-

[Discuss] Apply rules on Virtual Router

2013-07-22 Thread Nguyen Anh Tu
Hi guys, While working with L3 network services, I found a problem in the process of applying iptables rules. It currently works not good in my opinion. When you apply a new rule (eg. StaticNat or Egress rule), Virtual Router backups old rules and re-apply all of non-revoked rules related to sourc