cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chiradeep Vittal <Chiradeep.Vit...@citrix.com>
Subject Re: what are the technical reason for not supporting security groups on ovs?
Date Fri, 19 Apr 2013 17:24:43 GMT
Security groups are stateful firewalls -- currently it is not possible to
do stateful firewalling inside OVS (you could write a controller or buy
one that does it however). KVM (linux v 3.2 onwards) now has the ability
to chain OVS and bridge so technically it should be possible only on those
hypervisors.

On 4/19/13 3:45 AM, "Venkata SwamyBabu Budumuru"
<venkataswamybabu.budumuru@citrix.com> wrote:

>By mistake, hit the send button before writing the actual message
>
>
>Looks like cloudstack + Xen only supports SecurityGroups with bridge as
>backend. Can someone shed some light on the technical reasons behind we
>we don't support it on OVS?
>
>Thanks,
>SWAMY
>
>-----Original Message-----
>From: Venkata SwamyBabu Budumuru
>[mailto:venkataswamybabu.budumuru@citrix.com]
>Sent: Friday, 19 April 2013 3:56 PM
>To: users@cloudstack.apache.org; dev@cloudstack.apache.org
>Subject: what are the technical reason for not supporting security groups
>on ovs?
>
>Thanks,
>SWAMY


Mime
View raw message