Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

The Access and Security Group rules are applied on to tap device of an instance.So it is at instance level. If suppose a VM is moved from one compute node to another, that tap device is also found migrated during the live migration of instance. This can be verified using commands like neutron port show or iptables -L in the compute node. Not pretty much sure about the mulitple networks for an instance. The below link may be of some help: https://www.rdoproject.org/networking/networking-in-too-much-detail/