Akihiro and Dan and Me discussed about the quantum side spec. The conclusion is following.
vif_require_iptables vif_prevent_spoofing vif_require_securitygroup
Note: why vif_ is needed? <- it is because the subnect ( nova or quantum ) is confusing no why just firewalling is not sufficient <- in nova, spoofing and securitygroup is different function, so we need to specify it.
Akihiro and Dan and Me discussed about the quantum side spec.
The conclusion is following.
vif_require_ iptables spoofing securitygroup
vif_prevent_
vif_require_
Note:
why vif_ is needed? <- it is because the subnect ( nova or quantum ) is confusing no
why just firewalling is not sufficient <- in nova, spoofing and securitygroup is different function, so we need to specify it.