Comment 2 for bug 1488281

Sherif Abdelwahab (selgohari) wrote :

I agree that diverse security approaches will create a burden on Octavia to add security groups to the amphorae.

So in the example shown, the loadbalancer security groups needed to be:
(default, lb-5cfd45c7-e12b-4dd7-8be3-f2c31ac110a5, lb-mgmt-sec-grp), instead of only
(lb-5cfd45c7-e12b-4dd7-8be3-f2c31ac110a5, lb-mgmt-sec-grp), for traffic to pass from the amphorae to the server.

This shouldn't be required, to my understanding, as the lb-5cf** group already allows HTTP traffic (listener port), and the amphorae have traffic interfaces on the same tenant subnet as the server.

But in some situations, traffic does not pass from the amphorae to the servers, and I added the default security group manually (bad thing, I know) to the loadbalancer to get it to work.