incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chiradeep Vittal <Chiradeep.Vit...@citrix.com>
Subject Re: Security Groups in Advanced Zone - Plugin Support
Date Thu, 07 Mar 2013 23:18:21 GMT


On 3/7/13 12:22 AM, "Dave Cahill" <dcahill@midokura.com> wrote:

>Hi Chiradeep,
>
>Thanks for jumping in, great to get feedback on this one.
>
>However, SecurityGroups are handled by SecurityGroupManagerImpl, which
>simply sends a Command to the agent without checking for, or calling
>into, a SecurityGroupsProvider. In other words, it's not pluggable.
>
>That's the background for why we're interested in pluggability for the
>service.

Yes, it should be pluggable, but it isn't currently. Patches welcome.

>
>Our second question was aimed at checking our understanding of
>Anthony's response: "as for SG enabled shared network, current plan is
>only support Virtual Router as service provider". It sounds like this
>would make all of the other Providers (external ones like F5 as well
>as virtual ones like Nicira) unusable in a SG-enabled Advanced Shared
>network, but we wanted to double-check that.

I don't see anything in the code that would preclude that. I think given
the scope of testing with myriad providers, he was merely stating that he
would vouch for it working with the virtual router.

>
>Lastly we wanted to understand timelines. The last comment on
>CLOUDSTACK-737 shows the feature being reverted, so we were wondering
>when it's aimed for master, and also to understand when Security
>Groups on Advanced Isolated mode is scheduled to hit master.

As I said, there's hypervisor-level issues being sorted out. I'll let
Anthony reply on that one.

>


Mime
View raw message