You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Venkata SwamyBabu Budumuru <ve...@citrix.com> on 2013/04/19 12:25:39 UTC
what are the technical reason for not supporting security groups on
ovs?
Thanks,
SWAMY
Re: what are the technical reason for not supporting security
groups on ovs?
Posted by Chiradeep Vittal <Ch...@citrix.com>.
Security groups are stateful firewalls -- currently it is not possible to
do stateful firewalling inside OVS (you could write a controller or buy
one that does it however). KVM (linux v 3.2 onwards) now has the ability
to chain OVS and bridge so technically it should be possible only on those
hypervisors.
On 4/19/13 3:45 AM, "Venkata SwamyBabu Budumuru"
<ve...@citrix.com> wrote:
>By mistake, hit the send button before writing the actual message
>
>
>Looks like cloudstack + Xen only supports SecurityGroups with bridge as
>backend. Can someone shed some light on the technical reasons behind we
>we don't support it on OVS?
>
>Thanks,
>SWAMY
>
>-----Original Message-----
>From: Venkata SwamyBabu Budumuru
>[mailto:venkataswamybabu.budumuru@citrix.com]
>Sent: Friday, 19 April 2013 3:56 PM
>To: users@cloudstack.apache.org; dev@cloudstack.apache.org
>Subject: what are the technical reason for not supporting security groups
>on ovs?
>
>Thanks,
>SWAMY
Re: what are the technical reason for not supporting security
groups on ovs?
Posted by Chiradeep Vittal <Ch...@citrix.com>.
Security groups are stateful firewalls -- currently it is not possible to
do stateful firewalling inside OVS (you could write a controller or buy
one that does it however). KVM (linux v 3.2 onwards) now has the ability
to chain OVS and bridge so technically it should be possible only on those
hypervisors.
On 4/19/13 3:45 AM, "Venkata SwamyBabu Budumuru"
<ve...@citrix.com> wrote:
>By mistake, hit the send button before writing the actual message
>
>
>Looks like cloudstack + Xen only supports SecurityGroups with bridge as
>backend. Can someone shed some light on the technical reasons behind we
>we don't support it on OVS?
>
>Thanks,
>SWAMY
>
>-----Original Message-----
>From: Venkata SwamyBabu Budumuru
>[mailto:venkataswamybabu.budumuru@citrix.com]
>Sent: Friday, 19 April 2013 3:56 PM
>To: users@cloudstack.apache.org; dev@cloudstack.apache.org
>Subject: what are the technical reason for not supporting security groups
>on ovs?
>
>Thanks,
>SWAMY
RE: what are the technical reason for not supporting security
groups on ovs?
Posted by Venkata SwamyBabu Budumuru <ve...@citrix.com>.
By mistake, hit the send button before writing the actual message
Looks like cloudstack + Xen only supports SecurityGroups with bridge as backend. Can someone shed some light on the technical reasons behind we we don't support it on OVS?
Thanks,
SWAMY
-----Original Message-----
From: Venkata SwamyBabu Budumuru [mailto:venkataswamybabu.budumuru@citrix.com]
Sent: Friday, 19 April 2013 3:56 PM
To: users@cloudstack.apache.org; dev@cloudstack.apache.org
Subject: what are the technical reason for not supporting security groups on ovs?
Thanks,
SWAMY
RE: what are the technical reason for not supporting security
groups on ovs?
Posted by Venkata SwamyBabu Budumuru <ve...@citrix.com>.
By mistake, hit the send button before writing the actual message
Looks like cloudstack + Xen only supports SecurityGroups with bridge as backend. Can someone shed some light on the technical reasons behind we we don't support it on OVS?
Thanks,
SWAMY
-----Original Message-----
From: Venkata SwamyBabu Budumuru [mailto:venkataswamybabu.budumuru@citrix.com]
Sent: Friday, 19 April 2013 3:56 PM
To: users@cloudstack.apache.org; dev@cloudstack.apache.org
Subject: what are the technical reason for not supporting security groups on ovs?
Thanks,
SWAMY