Add ipset to security group
In neturon, it use iptable achieve security group functions now, but iptable's chain is linear storage and filtering, we can use ipset to improve performance of the security group.
Blueprint information
- Status:
- Complete
- Approver:
- Kyle Mestery
- Priority:
- High
- Drafter:
- shihanzhang
- Direction:
- Approved
- Assignee:
- shihanzhang
- Definition:
- Approved
- Series goal:
- Accepted for juno
- Implementation:
- Implemented
- Milestone target:
- 2014.2
- Started by
- shihanzhang
- Completed by
- Mark McClain
Whiteboard
25-July (mestery): I see the previous patch is now abandoned, will a new patch be posted soon? Marking as blocked until that happens.
20-July (mestery): Marking as High for Juno-3.
mangelajo@rht : we have found scalability issues related to IP tables & security groups too, I believe this blueprint/work would be very beneficial for scalability.
ok,I will commit the spec as soon as possible!
Gerrit topic: https:/
Addressed by: https:/
Spec for adding ipset to security group
Addressed by: https:/
Add ipset to security group
Addressed by: https:/
Add ipset to security group
Addressed by: https:/
Refactor security group rpc call
Addressed by: https:/
Add ipset to security group
Addressed by: https:/
Make SecurityGroupsR
Addressed by: https:/
Add functional testing to ipset_manager
--------
This patch set should be moved to a follow up blueprint for Kilo
Addressed by: https:/
Ipset / Iptables refactor, for rebasing or followup (WIP)
Addressed by: https:/
Remove unnecessarily iptables reload when enable ipset
Gerrit topic: https:/