Hello, netstack gurus!
I have a problem with iptables filtering on XCP. We use two physical boxes:
XCP (with domU compute) and Ubuntu 12.04 (controller). They are connected by a
patch cord, so we could use internal VLANs. We use Quantum. nova-compute
creates the expected iptables rules on dom0, but they have no effect. This is
because traffic between VMs goes inside OVS and doesn't touch the IP stack of
the host system. Security groups do not work at all :( I think using the OVS
OpenFlow implementation is the best solution.

In this blueprint (http://wiki.openstack.org/xenapi-security-groups)
OpenFlow security groups are not implemented:

> R2B. XS/XCP uses Open vSwitch networking stack, security groups are
> configured through flow tables in Open vSwitch

and security groups are still configured through iptables:

> R2A. XS/XCP uses Open vSwitch networking stack, security groups still
> configured through iptables

Is it a temporary and non-working solution, or maybe it works but requires
additional configuration?

Many thanks.
--
Regards, Roman Sokolkov
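
An added example, not part of the original message and not nova or Quantum code: a sketch of what the R2B approach implies, rendering ingress security-group rules for one VIF as Open vSwitch flow entries so that filtering happens where inter-VM traffic actually flows. The rule dictionary format, the MAC address, the `MAX_PORTS` cap and the bridge name `xenbr0` are assumptions made for this example.

```python
import ipaddress

MAX_PORTS = 64  # constructed cap: OpenFlow 1.0 matches one L4 port per flow


def sg_rules_to_flows(vif_mac, rules):
    """Render ingress security-group rules for one VIF as ovs-ofctl flows.

    rules: dicts with protocol ('tcp'|'udp'|'icmp'), cidr and, for tcp/udp,
    from_port/to_port (hypothetical format chosen for this example).
    Stateless: replies to connections the guest opens need their own rule,
    and broadcast/multicast frames are not covered by these matches.
    """
    # Unicast ARP replies must reach the guest or it cannot resolve peers.
    flows = [f"priority=200,arp,dl_dst={vif_mac},actions=normal"]
    for rule in rules:
        proto = rule["protocol"]
        if proto not in ("tcp", "udp", "icmp"):
            raise ValueError(f"unsupported protocol: {proto!r}")
        # strict=True rejects a CIDR with host bits set (e.g. 10.0.0.5/24).
        net = ipaddress.IPv4Network(rule["cidr"], strict=True)
        match = f"priority=100,{proto},dl_dst={vif_mac},nw_src={net}"
        if proto == "icmp":
            flows.append(f"{match},actions=normal")
            continue
        lo, hi = rule["from_port"], rule["to_port"]
        if not 1 <= lo <= hi <= 65535 or hi - lo + 1 > MAX_PORTS:
            raise ValueError(f"bad or too wide port range: {lo}-{hi}")
        flows.extend(f"{match},tp_dst={p},actions=normal"
                     for p in range(lo, hi + 1))
    # Default deny: any other frame addressed to this VIF is dropped in OVS.
    flows.append(f"priority=1,dl_dst={vif_mac},actions=drop")
    return flows


if __name__ == "__main__":
    # Constructed sample: SSH from one subnet plus ICMP from anywhere.
    sample = [
        {"protocol": "tcp", "cidr": "10.0.0.0/24", "from_port": 22, "to_port": 22},
        {"protocol": "icmp", "cidr": "0.0.0.0/0"},
    ]
    for flow in sg_rules_to_flows("fa:16:3e:00:00:01", sample):
        print(f'ovs-ofctl add-flow xenbr0 "{flow}"')  # xenbr0 is assumed
```

Installed flows can be checked with `ovs-ofctl dump-flows`, whose per-flow packet counters show whether traffic is actually hitting the allow and drop entries.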