Ask Your Question
1

Security groups and OVS

asked 2014-07-07 05:21:03 -0500

Krist gravatar image

In Havana the use of LibvirtHybridOVSBridgeDriver has been deprecated. However it is needed for security groups to function.

So on our stack I made the following changes In nova.conf 

libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

And I enabled ipfiltering on the bridge:

sysctl -w net.bridge.bridge-nf-call-iptables = 1

This makes security groups work again, however this comes with a rather hefty performance penalty.

I have therefore two questions: - How can I mitigate this performance problem? - If using LibvritHybridOVSBridge is deprecated, what should I actually use in stead?

edit retag flag offensive close merge delete

Comments

Will this make security groups work again? And how do I configure ML2 on Havana? Documentation for Havana asumes you're using OVS...

Krist gravatar imageKrist ( 2014-07-08 03:37:33 -0500 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2014-07-07 09:00:30 -0500

SGPJ gravatar image

You can use ML2 and for security Fwaas.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2014-07-07 05:21:03 -0500

Seen: 81 times

Last updated: Jul 07 '14

Related questions

neutron(havana) with floodlight can't ping vm

Different usecases using ML2

Newton DHCP Agent Problem

neutron-openvswitch-agent.service not starting

force_dhcp_release for Neutron?

neutron: publicURL endpoint for network service not found

Firewall-as-a-Service (FWaaS) installation!?

Neutron: linuxbridge-agent always entering failed state

cannot ping vm from outside network

lbaas Unable to retrieve ready devices