Openstack security group rules implemented ?

asked 2016-09-20 12:26:01 -0600

CloudEnthusiast gravatar image

Hello All,

Where actually the security group rules are implemented in OpenStack neutron ? How rules are implemented and applied to Openstack instances ? How to verify or confirm my defined security group rule is applied to an openstack instance ?

Please help me to understand these.

Thanks in advance for any kind of inputs, suggestions or pointers

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2016-09-24 05:11:12 -0600

Praveen N gravatar image


The Access & security group rules defined in OpenStack will be applied to instance's tap device attached to linux bridge(qbr) through iptables in the compute node where instance is hosted. That linux bridge will be linked(qvo) to OVS switch named br-int.

Also when the instance is migrated from one compute node to another compute node, the iptables for tap device are also moved to another compute node. ALso the port qvo will be transferred to OVS switch on new compute node.


edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-09-20 12:26:01 -0600

Seen: 291 times

Last updated: Sep 24 '16