Comment 11 for bug 1112912
Revision history for this message
| dan wendlandt (danwent) wrote Re: get_firewall_required should use VIF parameter from quantum | #11 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
I'm fine with splitting mac + IP spoofing.
I think the main goal here is that it should always be unambiguous what is expected of the Nova virt layer. I don't really care how things are worded as long as that is the case.
My concern with wording things in terms of quantum is that just because quantum does or does not do something, it may not be unambiguous what what nova should do. Imagine a special use case of Quantum + Nova where no firewalling should be performed, hence, the quantum plugin does not support security groups. It then passes back has_securitygroup : false. However, this does not mean that it wants Nova to do security groups... quite the opposite, it doesn't want ANYONE to do security groups. If quantum passes back exactly what it wants Nova to do, we don't have a problem, as quantum could just tell Nova to not do security groups, and also not do security groups itself.