Software-Defined Networking (SDN) with OpenStack by Sreenivas Voruganti, Sriram Subramanian

Securing network traffic in OpenStack

Securing network traffic is critical, and OpenStack supports two mechanisms for doing so. Security Groups secure traffic within a tenant's network. OpenStack security groups are implemented using Linux iptables on the compute nodes.

Traffic that leaves a tenant's network, for another network or the Internet, is secured using the OpenStack firewall service. Like routing, the firewall is a service within Neutron. The firewall service also uses iptables, but the scope of iptables is limited to the OpenStack router used as part of the firewall service.
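Because security groups end up as iptables rules on the compute node, the rendered rules can be audited directly. The following is an added example, not code from the book: it parses `iptables-save` output and reports ingress rules that accept new connections from any source. The sample input is constructed, and the per-port chain naming (`neutron-<agent>-i<port-id prefix>`, allow rules jumping to `RETURN`) is an assumption about Neutron's iptables-based security group driver.

```python
import re
import shlex

# Constructed iptables-save excerpt (not from the book). Chain names follow the
# pattern Neutron's iptables-based security group driver is assumed to use:
# neutron-<agent>-i<port-id prefix> for ingress, -o<prefix> for egress.
SAMPLE = """\
*filter
-A neutron-openvswi-i6b1d4d5d-6 -m state --state RELATED,ESTABLISHED -j RETURN
-A neutron-openvswi-i6b1d4d5d-6 -s 10.0.0.2/32 -p udp -m udp --sport 67 --dport 68 -j RETURN
-A neutron-openvswi-i6b1d4d5d-6 -p tcp -m tcp --dport 22 -j RETURN
-A neutron-openvswi-i6b1d4d5d-6 -s 192.0.2.0/24 -p tcp -m tcp --dport 443 -j RETURN
-A neutron-openvswi-i6b1d4d5d-6 -m set --match-set NIPv4a1b2c3d4-5e6f-7a8b-9c0d- src -j RETURN
-A neutron-openvswi-i6b1d4d5d-6 -j neutron-openvswi-sg-fallback
-A neutron-openvswi-o6b1d4d5d-6 -j RETURN
-A neutron-openvswi-sg-fallback -j DROP
COMMIT
"""
# Matches only per-port chains; shared chains such as ...-sg-fallback do not match.
PORT_CHAIN = re.compile(r"^neutron-[a-z0-9]+-([io])([0-9a-f-]{8,11})$")

def parse_rule(line):
    """Return (direction, port_prefix, options) for a per-port chain rule, else None."""
    tok = shlex.split(line)
    m = PORT_CHAIN.match(tok[1]) if len(tok) > 2 and tok[0] == "-A" else None
    if not m:
        return None
    opts, i = {}, 2
    while i < len(tok):
        if tok[i].startswith("-") and i + 1 < len(tok):
            opts[tok[i]] = tok[i + 1]  # flag followed by its value
            i += 2
        else:
            i += 1  # extra positional value, e.g. "src" after --match-set
    return m.group(1), m.group(2), opts

def open_ingress(text):
    """List (port_prefix, protocol, dport) for ingress allows open to any source."""
    findings = []
    for direction, port, opts in filter(None, map(parse_rule, text.splitlines())):
        if direction != "i" or opts.get("-j") != "RETURN":
            continue  # egress chain, or not an allow rule
        if "--state" in opts or "--match-set" in opts:
            continue  # reply traffic, or source limited to a remote group's ipset
        # iptables-save omits -s when the source is 0.0.0.0/0
        if opts.get("-s", "0.0.0.0/0") == "0.0.0.0/0":
            findings.append((port, opts.get("-p", "any"), opts.get("--dport", "any")))
    return findings
```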

The following diagram describes at a high level how iptables are used to secure network traffic:

In this network ...
