Ask Your Question
1

Security groups and OVS

asked 2014-07-07 05:21:03 -0600

Krist gravatar image

In Havana the use of LibvirtHybridOVSBridgeDriver has been deprecated. However it is needed for security groups to function.

So on our stack I made the following changes In nova.conf 

libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

And I enabled ipfiltering on the bridge:

sysctl -w net.bridge.bridge-nf-call-iptables = 1

This makes security groups work again, however this comes with a rather hefty performance penalty.

I have therefore two questions: - How can I mitigate this performance problem? - If using LibvritHybridOVSBridge is deprecated, what should I actually use in stead?

edit retag flag offensive close merge delete

Comments

Will this make security groups work again? And how do I configure ML2 on Havana? Documentation for Havana asumes you're using OVS...

Krist gravatar imageKrist ( 2014-07-08 03:37:33 -0600 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2014-07-07 09:00:30 -0600

SGPJ gravatar image

You can use ML2 and for security Fwaas.

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2014-07-07 05:21:03 -0600

Seen: 138 times

Last updated: Jul 07 '14

Related questions

swift check cluster health

Neutron ML2 questions

Why is Liberty Neutron DVR so slow?

Neutron fails to bind port when launching VM

neutron dhcp issues

vxlan peers not being created on compute node (vm not getting dhcp)

External network is not reachable from subnet

ip netns - iptables

Changing DNS Server ( nameserver ) added to /etc/resolv.conf on instances

Instance is not getting a static IP