Add ipset to security group

Registered by shihanzhang on 2014-04-08

In neturon, it use iptable achieve security group functions now, but iptable's chain is linear storage and filtering, we can use ipset to improve performance of the security group.

Blueprint information

Status:
Complete
Approver:
Kyle Mestery
Priority:
High
Drafter:
shihanzhang
Direction:
Approved
Assignee:
shihanzhang
Definition:
Approved
Series goal:
Accepted for juno
Implementation:
Implemented
Milestone target:
milestone icon 2014.2
Started by
shihanzhang on 2014-06-18
Completed by
Mark McClain on 2014-09-15

Related branches

Sprints

Whiteboard

25-July (mestery): I see the previous patch is now abandoned, will a new patch be posted soon? Marking as blocked until that happens.

20-July (mestery): Marking as High for Juno-3.

mangelajo@rht : we have found scalability issues related to IP tables & security groups too, I believe this blueprint/work would be very beneficial for scalability.

ok,I will commit the spec as soon as possible!

Gerrit topic: https://review.openstack.org/#q,topic:bp/add-ipset-to-security,n,z

Addressed by: https://review.openstack.org/100761
    Spec for adding ipset to security group

Addressed by: https://review.openstack.org/104462
    Add ipset to security group

Addressed by: https://review.openstack.org/110184
    Add ipset to security group

Addressed by: https://review.openstack.org/111876
    Refactor security group rpc call

Addressed by: https://review.openstack.org/111877
    Add ipset to security group

Addressed by: https://review.openstack.org/116312
    Make SecurityGroupsRpcCallback a separate callback class

Addressed by: https://review.openstack.org/120087
    Add functional testing to ipset_manager
--------

This patch set should be moved to a follow up blueprint for Kilo
Addressed by: https://review.openstack.org/120806
    Ipset / Iptables refactor, for rebasing or followup (WIP)

Addressed by: https://review.openstack.org/122368
    Remove unnecessarily iptables reload when enable ipset

Gerrit topic: https://review.openstack.org/#q,topic:cleanup/iptables-firewall,n,z

(?)

Work Items