Viewing all changes in revision 344.
- Committer: Tarmac
- Date: 2010-10-12 20:28:43 UTC
- mfrom: (265.2.56 api)
- Revision ID: hudson@openstack.org-20101012202843-qkv3kmc9uv400cif
This patch adds support for EC2 security groups using libvirt's nwfilter mechanism, which in turn uses iptables and ebtables on the individual compute nodes.
This has a number of benefits:
* Inter-VM network traffic can take the fastest route through the network without our having to worry about getting it through a central firewall.
* Not relying on a central firewall also removes a potential SPOF.
* The filtering load is distributed, offering great scalability.
Caveats:
* It only works with libvirt and only with libvirt drivers that support nwfilter (qemu (and thus kvm) and uml, at the moment)
This has a number of benefits:
* Inter-VM network traffic can take the fastest route through the network without our having to worry about getting it through a central firewall.
* Not relying on a central firewall also removes a potential SPOF.
* The filtering load is distributed, offering great scalability.
Caveats:
* It only works with libvirt and only with libvirt drivers that support nwfilter (qemu (and thus kvm) and uml, at the moment)
- files modified:
- nova/api/ec2/__init__.py
expand all
collapse all
added
removed
