Ask Your Question
1

Security groups and OVS

asked 2014-07-07 05:21:03 -0500

Krist gravatar image

In Havana the use of LibvirtHybridOVSBridgeDriver has been deprecated. However it is needed for security groups to function.

So on our stack I made the following changes In nova.conf 

libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

And I enabled ipfiltering on the bridge:

sysctl -w net.bridge.bridge-nf-call-iptables = 1

This makes security groups work again, however this comes with a rather hefty performance penalty.

I have therefore two questions: - How can I mitigate this performance problem? - If using LibvritHybridOVSBridge is deprecated, what should I actually use in stead?

edit retag flag offensive close merge delete

Comments

Will this make security groups work again? And how do I configure ML2 on Havana? Documentation for Havana asumes you're using OVS...

Krist gravatar imageKrist ( 2014-07-08 03:37:33 -0500 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2014-07-07 09:00:30 -0500

SGPJ gravatar image

You can use ML2 and for security Fwaas.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2014-07-07 05:21:03 -0500

Seen: 120 times

Last updated: Jul 07 '14

Related questions

How do I modify the IP pool?

Havana Neutron flat dhcp network

Single Node Havana Setup

No DHCP agents available

neutron generate random MAC

post creation failing

VirtualInterfaceCreateException: Virtual Interface creation failed

Is there a OpenVPN driver for VPNaaS?

Instance failed to spawn

Unable to create security group.