cloudstack-dev mailing list archives

From Prasanna Santhanam <>
Subject Re: [Discuss] Apply rules on Virtual Router
Date Tue, 23 Jul 2013 11:57:04 GMT
On Mon, Jul 22, 2013 at 08:52:34PM +0700, Nguyen Anh Tu wrote:
> While working with L3 network services, I found a problem in the process of
> applying iptables rules. It currently does not work well, in my opinion. When
> you apply a new rule (e.g. StaticNat or Egress rule), the Virtual Router backs up
> the old rules and re-applies all of the non-revoked rules related to the source IP on the
> new rule, including this one. It causes a slowdown, especially when you have a
> lot of running rules. When you delete a rule, the process happens in the
> same way. The rule being deleted is marked as "revoked", so it doesn't appear in the
> list. I think we should have a better approach.

I'd like this, but I do not know how Java can do this or what is involved:

Do you propose a diff-based solution where we incrementally apply the
new set of rules? Also, do you think this can be done for any
configuration within the VR, not just iptables rules?
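
The diff-based approach asked about in this reply, sketched as an added example that is not part of the original message or CloudStack's code: it compares one chain's current rules with the desired rules and emits only the numbered deletes and inserts needed, keeping rule order. The `nat`/`PREROUTING` chain, the rule specs and all function names are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher

# Constructed sample: rule specs as `iptables -S` would list them for one chain.
CURRENT_RULES = [
    "-d 203.0.113.10/32 -j DNAT --to-destination 10.1.1.10",
    "-d 203.0.113.11/32 -j DNAT --to-destination 10.1.1.11",  # to be revoked
    "-d 203.0.113.12/32 -j DNAT --to-destination 10.1.1.12",
]
DESIRED_RULES = [
    "-d 203.0.113.10/32 -j DNAT --to-destination 10.1.1.10",
    "-d 203.0.113.12/32 -j DNAT --to-destination 10.1.1.12",
    "-d 203.0.113.13/32 -j DNAT --to-destination 10.1.1.13",  # new rule
]

def diff_chain(current, desired):
    """Return ('D', pos) and ('I', pos, spec) ops turning current into desired.

    Positions are 1-based iptables rule numbers. Opcodes are walked from the
    end of the chain so that earlier rule numbers stay valid while editing.
    """
    ops = []
    matcher = SequenceMatcher(a=current, b=desired, autojunk=False)
    for tag, i1, i2, j1, j2 in reversed(matcher.get_opcodes()):
        if tag in ("delete", "replace"):
            ops += [("D", pos) for pos in range(i2, i1, -1)]
        if tag in ("insert", "replace"):
            ops += [("I", i1 + 1 + k, spec)
                    for k, spec in enumerate(desired[j1:j2])]
    return ops

def to_commands(table, chain, ops):
    """Render ops as iptables command lines (delete / insert by rule number)."""
    return [f"iptables -t {table} -D {chain} {op[1]}" if op[0] == "D"
            else f"iptables -t {table} -I {chain} {op[1]} {op[2]}"
            for op in ops]

def simulate(current, ops):
    """Apply ops to a copy of the rule list, to check the plan offline."""
    rules = list(current)
    for op in ops:
        if op[0] == "D":
            del rules[op[1] - 1]
        else:
            rules.insert(op[1] - 1, op[2])
    return rules

if __name__ == "__main__":
    plan = diff_chain(CURRENT_RULES, DESIRED_RULES)
    assert simulate(CURRENT_RULES, plan) == DESIRED_RULES
    print("\n".join(to_commands("nat", "PREROUTING", plan)))
```

The sample needs two commands instead of a full flush and re-apply of every rule; rules that did not change are never touched, so traffic matching them is not interrupted during the update.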

