cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nguyen Anh Tu <>
Subject [Discuss] Apply rules on Virtual Router
Date Mon, 22 Jul 2013 13:52:34 GMT
Hi guys,

While working with L3 network services, I found a problem in the process of
applying iptables rules. It currently works not good in my opinion. When
you apply a new rule (eg. StaticNat or Egress rule), Virtual Router backups
old rules and re-apply all of non-revoked rules related to source IP on the
new rule, including this one. It causes a slow, especially when you have a
lot of running rules. When you delete a rule, the process happens in the
same. The deleting rule is marked as "revoked", so it doesn't appear in the
list. I think we should have a better approach.

Any idea?



  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message