Ask Your Question
1

Security groups and OVS

asked 2014-07-07 05:21:03 -0500

Krist gravatar image

In Havana the use of LibvirtHybridOVSBridgeDriver has been deprecated. However it is needed for security groups to function.

So on our stack I made the following changes In nova.conf 

libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

And I enabled ipfiltering on the bridge:

sysctl -w net.bridge.bridge-nf-call-iptables = 1

This makes security groups work again, however this comes with a rather hefty performance penalty.

I have therefore two questions: - How can I mitigate this performance problem? - If using LibvritHybridOVSBridge is deprecated, what should I actually use in stead?

edit retag flag offensive close merge delete

Comments

Will this make security groups work again? And how do I configure ML2 on Havana? Documentation for Havana asumes you're using OVS...

Krist gravatar imageKrist ( 2014-07-08 03:37:33 -0500 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2014-07-07 09:00:30 -0500

SGPJ gravatar image

You can use ML2 and for security Fwaas.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2014-07-07 05:21:03 -0500

Seen: 100 times

Last updated: Jul 07 '14

Related questions

Havana - Dual Node using using Neutron GRE

Unable to delete instances in 'ERROR' state

[neutron] network node can't ping external network

How to create multiple regions using Packstack on Havana [closed]

How do I find out all images owned by a tenant?

openvswitch, missing phy-br-eth1 and int-br-eth1

Not showing qrouter

Instance not getting IP

Virtual Interface creation failed... Could not bind to 0.0.0.0:9696

LBaaS / Octavia and Neutron DVR