author | Soren Hansen <soren.hansen@rackspace.com> | 2010-10-12 20:28:43 +0000 |
---|---|---|
committer | Tarmac <> | 2010-10-12 20:28:43 +0000 |
commit | 8896e712e90330ae42c13367fd79b1a18b56c0a0 (patch) | |
tree | 42cdf8d374ca917854fd279c3f74ab55a91c6e08 /nova/context.py | |
parent | 4f529fe118283164ccb2756f2001805c69c1cc4a (diff) | |
parent | 84ec303828095fc105b287b2858021604cfcea32 (diff) | |

This patch adds support for EC2 security groups using libvirt's nwfilter mechanism, which in turn uses iptables and ebtables on the individual compute nodes.

This has a number of benefits:

* Inter-VM network traffic can take the fastest route through the network without our having to worry about getting it through a central firewall.
* Not relying on a central firewall also removes a potential SPOF.
* The filtering load is distributed, offering great scalability.

Caveats:

* It only works with libvirt and only with libvirt drivers that support nwfilter (qemu (and thus kvm) and uml, at the moment)

Diffstat (limited to 'nova/context.py')
0 files changed, 0 insertions, 0 deletions