Quantum Security Groups API
So far in OpenStack, security groups were implemented by Nova using iptables and libvirt nwfilters (also based on iptables).
With Quantum, we want to have plugins implement security groups, as packet filtering is highly specific to the type of networking technology being used (e.g., iptables-based filtering is not compatible with SR-IOV NICs).
From Folsom Summit:
- Dave's slide:
http://
- Nova has a flag to enable the default group or not. Should we have that as well?
- Need to add an option for Amazon compat mode for the default rule. Some want default deny vs. allow network ingress if no rules are defined (Amazon way).
Note: This blueprint may be broken into multiple blueprints
- basic extension (already complete?)
- implementations for various plugins.
Blueprint information
- Status: Complete
- Approver: dan wendlandt
- Priority: High
- Drafter: dan wendlandt
- Direction: Approved
- Assignee: Aaron Rosen
- Definition: New
- Series goal: Accepted for grizzly
- Implementation: Implemented
- Milestone target: 2013.1
- Started by: dan wendlandt
- Completed by: dan wendlandt
Whiteboard
We still have a mostly working prototype for this, but getting it working with OVS + LB plugins would be significant additional work. Instead, the focus for Folsom will be making sure Quantum works with Nova security groups. This will be an optional extension that some plugins can choose to implement.
--------
This got bumped out of Folsom altogether, but we should get it in ASAP for Grizzly.
Gerrit topic: https:/
Addressed by: https:/
Quantum Security Groups API
Addressed by: https:/
Adds security groups in NVP Plugin
openstack-manual (work in progress) https:/
Can we add a new blueprint for nachi's separate work with iptables?
Gerrit topic: https:/
Addressed by: https:/
_validate_
Gerrit topic: https:/