Implement Security Groups for Open vSwitch
|Category:||Drivers - Network|
This will probably connect open vSwitch with a central controller.
The original description of this issue:
The WHITE_PORTS_TCP (and probably _UDP too) rules do not get applied when a VM template with _only_ white ports gets instantiated: VM in running state, dump of openflow rules on hypervisor: ovs-ofctl dump-flows uplink NXST_FLOW reply (xid=0x4): cookie=0x0, duration=317492.877s, table=0, n_packets=969597, n_bytes=95755656, idle_age=0, hard_age=65534, priority=0 actions=NORMAL cookie=0x0, duration=282728.832s, table=0, n_packets=5941, n_bytes=501927, idle_age=32, hard_age=65534, priority=40000,in_port=3,dl_src=02:02:b9:3e:10:8d actions=NORMAL cookie=0x0, duration=282728.820s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=39000,in_port=3 actions=drop There is no rule blocking all traffic _except_ the white port, all traffic is allowed.
#3 Updated by Ruben S. Montero over 5 years ago
- Tracker changed from Bug to Backlog
- Subject changed from WHITE_PORTS_TCP Network Filtering with Open vSwitch does not work to Implement Security Groups for Open vSwitch
- Description updated (diff)
- Category set to Drivers - Network
- Priority changed from Normal to High
Updating the issue considering the new security groups functionality