Add ipset to security group

Registered by shihanzhang

In neturon, it use iptable achieve security group functions now, but iptable's chain is linear storage and filtering, we can use ipset to improve performance of the security group.

Blueprint information

Status:
Complete
Approver:
Kyle Mestery
Priority:
High
Drafter:
shihanzhang
Direction:
Approved
Assignee:
shihanzhang
Definition:
Approved
Series goal:
Accepted for juno
Implementation:
Implemented
Milestone target:
milestone icon 2014.2
Started by
shihanzhang
Completed by
Mark McClain

Related branches

Sprints

Whiteboard

25-July (mestery): I see the previous patch is now abandoned, will a new patch be posted soon? Marking as blocked until that happens.

20-July (mestery): Marking as High for Juno-3.

mangelajo@rht : we have found scalability issues related to IP tables & security groups too, I believe this blueprint/work would be very beneficial for scalability.

ok,I will commit the spec as soon as possible!

Gerrit topic: https://review.openstack.org/#q,topic:bp/add-ipset-to-security,n,z

Addressed by: https://review.openstack.org/100761
    Spec for adding ipset to security group

Addressed by: https://review.openstack.org/104462
    Add ipset to security group

Addressed by: https://review.openstack.org/110184
    Add ipset to security group

Addressed by: https://review.openstack.org/111876
    Refactor security group rpc call

Addressed by: https://review.openstack.org/111877
    Add ipset to security group

Addressed by: https://review.openstack.org/116312
    Make SecurityGroupsRpcCallback a separate callback class

Addressed by: https://review.openstack.org/120087
    Add functional testing to ipset_manager
--------

This patch set should be moved to a follow up blueprint for Kilo
Addressed by: https://review.openstack.org/120806
    Ipset / Iptables refactor, for rebasing or followup (WIP)

Addressed by: https://review.openstack.org/122368
    Remove unnecessarily iptables reload when enable ipset

Gerrit topic: https://review.openstack.org/#q,topic:cleanup/iptables-firewall,n,z

(?)

Work Items