Backlog #3250
Implement Security Groups for Open vSwitch
Status: | Pending | Start date: | 10/20/2014 | |
---|---|---|---|---|
Priority: | High | Due date: | ||
Assignee: | - | % Done: | 0% | |
Category: | Drivers - Network | |||
Target version: | - |
Description
This will probably connect open vSwitch with a central controller.
The original description of this issue:
The WHITE_PORTS_TCP (and probably _UDP too) rules do not get applied when a VM template with _only_ white ports gets instantiated: VM in running state, dump of openflow rules on hypervisor: ovs-ofctl dump-flows uplink NXST_FLOW reply (xid=0x4): cookie=0x0, duration=317492.877s, table=0, n_packets=969597, n_bytes=95755656, idle_age=0, hard_age=65534, priority=0 actions=NORMAL cookie=0x0, duration=282728.832s, table=0, n_packets=5941, n_bytes=501927, idle_age=32, hard_age=65534, priority=40000,in_port=3,dl_src=02:02:b9:3e:10:8d actions=NORMAL cookie=0x0, duration=282728.820s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=39000,in_port=3 actions=drop There is no rule blocking all traffic _except_ the white port, all traffic is allowed.
Related issues
History
#1 Updated by Ruben S. Montero over 6 years ago
- Related to Feature #3175: Implement Security Groups added
#2 Updated by Ruben S. Montero over 6 years ago
This will be considered together with the security groups feature.
#3 Updated by Ruben S. Montero over 6 years ago
- Tracker changed from Bug to Backlog
- Subject changed from WHITE_PORTS_TCP Network Filtering with Open vSwitch does not work to Implement Security Groups for Open vSwitch
- Description updated (diff)
- Category set to Drivers - Network
- Priority changed from Normal to High
Updating the issue considering the new security groups functionality
#4 Updated by Esteban Freire Garcia over 5 years ago
Hello all,
I would like to add that we (SURFsara) are also interested in implement Security Groups for Open vSwitch. Please, let us know if you need any information about it or if you need we test anything on our OpenNebula test environment.
#5 Updated by Jaime Melis over 3 years ago
- Duplicated by Feature #2033: Improve firewalling rules for OpenvSwitch added