OVS plugin security filtering

Registered by dan wendlandt

OVS does not play nicely with ebtables + iptables. Thus, mechanisms that rely on ebtables and iptables for filtering (e.g., security groups, and the basic limiting of VM spoofing handled by nova) won't work correctly. One strategy would be to use a different approach for vif-plugging in nova that plugs each vif into its own instance of the Linux bridge, which would then be "uplinked" to an OVS bridge that does the tunneling. Another, more complex strategy would be to try to re-implement this same filtering in OVS.

Blueprint information

Status: Complete
Approver: dan wendlandt
Priority: Medium
Drafter: None
Direction: Needs approval
Assignee: None
Definition: Obsolete
Series goal: None
Implementation: Not started
Milestone target: None
Completed by: dan wendlandt

Related branches

Sprints

Whiteboard

Currently this is being handled by the hybrid vif driver.


Work Items
