[docs] Recommend to avoid security groups referring to self as source
Bug #1276007 reported by
Dmitry Borodaenko
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Fuel for OpenStack |
Fix Released
|
Low
|
Meg McRoberts |
Bug Description
Fuel deployment documentation should recommend to avoid creating a security groupe that refers to itself as source, such configuration generates N^2 (where N is number of VMs) rules in iptables, which significantly impacts networking performance in large deployments. For example, see this discussion:
Changed in fuel: | |
status: | New → Triaged |
tags: | added: customer-found |
Changed in fuel: | |
assignee: | nobody → Meg McRoberts (dreidellhasa) |
Changed in fuel: | |
milestone: | 5.0 → 5.1 |
summary: |
- Recommend to avoid security groups referring to self as source + [docs] Recommend to avoid security groups referring to self as source |
Changed in fuel: | |
status: | Triaged → Fix Released |
To post a comment you must log in.
I added this information to the "Security groups" article in the new
Technical Terminology guide
that will be part of the OpenStack 5.0 docs. This doc is not yet on
github, but here is the current
content of the article:
Security groups docs.openstack. org/trunk/ openstack- ops/content/ security_ groups. html
---------------
Sets of IP filter rules that are applied to an instance's networking.
Most projects provide a "default" security group
that is applied to instances that have no security group defined.
See the `Security groups web page <
http://
>`_
for more information.
Avoid creating a secure group that refers to itself as a source.
Such a configuration generates N^2 rules in *iptables*
(where N is the number of FMs).
This significantly impacts networking performance in large deployments.
Note that Sahara does does not provide a default security group. /review. openstack. org/#/c/ 71299/>`_
See this `note in <https:/
for information about defining a default security group for Sahara).
On Fri, Apr 4, 2014 at 12:01 PM, Launchpad Bug Tracker <
<email address hidden>> wrote:
> Mike Scherbakov (mihgen) has assigned this bug to you for Fuel for openstack. 10931.n7. nabble. com/Performance -Regression- in-Neutron- compared- to-Quantum- Grizzly- td25972. html#a26486 /bugs.launchpad .net/bugs/ 1276007
> OpenStack:
>
> Fuel deployment documentation should recommend to avoid creating a
> security groupe that refers to itself as source, such configuration
> generates N^2 (where N is number of VMs) rules in iptables, which
> significantly impacts networking performance in large deployments. For
> example, see this discussion:
>
> http://
> Havana-
>
> ** Affects: fuel
> Importance: Low
> Assignee: Meg McRoberts (dreidellhasa)
> Status: Triaged
>
>
> ** Tags: customer-found docs
> --
> Recommend to avoid security groups referring to self as source
> https:/
> You received this bug notification because you are a bug assignee.
>