Mastering OpenStack

By: Omar Khedher

Table of Contents (18 chapters)
Extending OpenStack – Advanced Networking Features and Deploying Multi-tier Applications

Security groups

Imagine a scenario where you have to apply certain traffic management rules to a dozen compute node instances. Assigning a set of rules to a specific group of nodes is much easier than going through the nodes one at a time. Security groups enclose all aspects of the rules that are applied to the incoming and outgoing traffic of instances, which include the following:

  • The source and receiver, which will allow or deny traffic to instances from either the internal OpenStack IP addresses or from the rest of the world

  • Protocols to which the rule will apply, such as TCP, UDP, and ICMP

  • Egress/ingress traffic management to a Neutron port

In this way, OpenStack offers an additional security layer on top of the firewall rules that are available on the compute instance. The purpose is to manage traffic to several compute instances from one security group. You should bear in mind that the networking security groups are more granular-traffic-filtering-aware than the...
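
The three rule aspects listed above (remote address, protocol, and direction on a Neutron port), shown as an added example that is not from the book or from Neutron's code: a simplified Python model of allow-only rule matching, with one constructed group shared by twelve ports. The group contents, port names and helper functions are assumptions made for illustration; ethertype and remote-group matching are left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    # Field names follow Neutron's security group rule attributes.
    direction: str                    # "ingress" or "egress"
    protocol: Optional[str]           # "tcp", "udp", "icmp"; None matches any
    port_range_min: Optional[int]     # None matches any port
    port_range_max: Optional[int]
    remote_ip_prefix: Optional[str]   # CIDR; None matches any address

def allowed(rules, direction, protocol, port, peer_ip):
    """Rules only allow; traffic that matches no rule is dropped."""
    peer = ipaddress.ip_address(peer_ip)
    for r in rules:
        if r.direction != direction:
            continue
        if r.protocol is not None and r.protocol != protocol:
            continue
        if r.port_range_min is not None and (
                port is None or not r.port_range_min <= port <= r.port_range_max):
            continue
        if r.remote_ip_prefix and peer not in ipaddress.ip_network(r.remote_ip_prefix):
            continue
        return True
    return False

def world_open_ingress(rules):
    """Ingress rules that accept any source address: the ones to review first."""
    return [r for r in rules if r.direction == "ingress"
            and r.remote_ip_prefix in (None, "0.0.0.0/0", "::/0")]

# Constructed sample: one "web" group attached to the ports of a dozen instances.
WEB_GROUP = [
    Rule("ingress", "tcp", 443, 443, "0.0.0.0/0"),   # HTTPS from anywhere
    Rule("ingress", "tcp", 22, 22, "10.0.0.0/24"),   # SSH from the internal subnet only
    Rule("egress", None, None, None, None),          # all outbound traffic
]
PORTS = {f"web-{i:02d}": WEB_GROUP for i in range(1, 13)}

def reachable(port_name, direction, protocol, port, peer_ip):
    """Evaluate traffic against the group attached to the named port."""
    return allowed(PORTS[port_name], direction, protocol, port, peer_ip)

if __name__ == "__main__":
    print(reachable("web-07", "ingress", "tcp", 22, "203.0.113.5"))
    print(world_open_ingress(WEB_GROUP))
```

Because every port references the same rule list, editing `WEB_GROUP` changes the filtering for all twelve instances at once, which is the management benefit the section describes.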