Ask Your Question
1

Security groups and OVS

asked 2014-07-07 05:21:03 -0500

Krist gravatar image

In Havana the use of LibvirtHybridOVSBridgeDriver has been deprecated. However it is needed for security groups to function.

So on our stack I made the following changes In nova.conf 

libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

And I enabled ipfiltering on the bridge:

sysctl -w net.bridge.bridge-nf-call-iptables = 1

This makes security groups work again, however this comes with a rather hefty performance penalty.

I have therefore two questions: - How can I mitigate this performance problem? - If using LibvritHybridOVSBridge is deprecated, what should I actually use in stead?

edit retag flag offensive close merge delete

Comments

Will this make security groups work again? And how do I configure ML2 on Havana? Documentation for Havana asumes you're using OVS...

Krist gravatar imageKrist ( 2014-07-08 03:37:33 -0500 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2014-07-07 09:00:30 -0500

SGPJ gravatar image

You can use ML2 and for security Fwaas.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2014-07-07 05:21:03 -0500

Seen: 125 times

Last updated: Jul 07 '14

Related questions

Why is openvswitch forwarding arp packets between external and internal bridge?

Havana Neutron flat dhcp network

How to use multiple neutron plugins on same compute node? [closed]

How to connect the VM to the internet

DHCP agent log error:neutron.agent.linux.utils [-] 'Cannot open network namespace: No such file or directory\n'

multiple possible networks found

cannot ping 203.0.113.101 icehouse

Neutron configuration with libvirt

can we use any mechanism driver without OVS switch?

Using a VNC client to connect to a vm