Comment 22 for bug 1253993

Hi Chen,

You are correct. Basically, for large deployments it is better we get around the default security group (which is cyclic) and use a custom security group with appropriate to derive the same fuctionality as that of a default security group.

Also, introduction of IpSet might bring in good results in this area. Do look at this blueprint https://blueprints.launchpad.net/neutron/+spec/add-ipset-to-security which is working on the same.

Thanks,
Sudhakar