Ask Your Question

security groups on internal network

asked 2016-01-21 11:07:13 -0600

gparaskevas gravatar image

updated 2016-01-21 11:08:01 -0600

Hello there,

I have poc installation on of OpenStack Kilo based on Openstack-anasible. I create a vlan network with dhcp enabled and instances get ip from that subnet. Now that subnet has a gateway on my actual netwoork device of the ofice so l3 is doen by external equipment. So it goes like that instance->neutron l2->compute host->network device. Now my question, are security groups supposed to work on such an implementation? I ask because they dont seem to have influence on my instances. Thank you George

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2016-01-21 17:27:02 -0600

updated 2016-01-21 17:31:57 -0600


Check the link below for more information about how network traffic works in OpenStack, especially focus on compute node section, where they explain security groups.

Answering your question, security groups should work in your environment becouse their are directly applied on instance's tap devices inside compute nodes.


edit flag offensive delete link more


Hello Eduardo, really appreciate your feedback, this is what i am seeing too. I will investigate more to see where is my problem. I just wanted it to make sure it was ment to work that way as well! Thanks!

gparaskevas gravatar imagegparaskevas ( 2016-01-22 04:34:20 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-01-21 11:07:13 -0600

Seen: 267 times

Last updated: Jan 21 '16