Ask Your Question
0

security groups on internal network

asked 2016-01-21 11:07:13 -0500

gparaskevas gravatar image

updated 2016-01-21 11:08:01 -0500

Hello there,

I have poc installation on of OpenStack Kilo based on Openstack-anasible. I create a vlan network with dhcp enabled and instances get ip from that subnet. Now that subnet has a gateway on my actual netwoork device of the ofice so l3 is doen by external equipment. So it goes like that instance->neutron l2->compute host->network device. Now my question, are security groups supposed to work on such an implementation? I ask because they dont seem to have influence on my instances. Thank you George

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-01-21 17:27:02 -0500

updated 2016-01-21 17:31:57 -0500

Hi,

Check the link below for more information about how network traffic works in OpenStack, especially focus on compute node section, where they explain security groups. https://www.rdoproject.org/networking/networking-in-too-much-detail/

Answering your question, security groups should work in your environment becouse their are directly applied on instance's tap devices inside compute nodes.

Regards

edit flag offensive delete link more

Comments

Hello Eduardo, really appreciate your feedback, this is what i am seeing too. I will investigate more to see where is my problem. I just wanted it to make sure it was ment to work that way as well! Thanks!

gparaskevas gravatar imagegparaskevas ( 2016-01-22 04:34:20 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2016-01-21 11:07:13 -0500

Seen: 237 times

Last updated: Jan 21 '16