[openstack-dev] [nova][neutron] Networks without subnets

Brent Eagles beagles at redhat.com
Fri Jul 11 21:41:40 UTC 2014


Hi,

A bug titled "Creating quantum L2 networks (without subnets) doesn't
work as expected" (https://bugs.launchpad.net/nova/+bug/1039665) was
reported quite some time ago. Beyond the discussion in the bug report,
there have been related bugs reported a few times.

* https://bugs.launchpad.net/nova/+bug/1304409
* https://bugs.launchpad.net/nova/+bug/1252410
* https://bugs.launchpad.net/nova/+bug/1237711
* https://bugs.launchpad.net/nova/+bug/1311731
* https://bugs.launchpad.net/nova/+bug/1043827

BZs on this subject seem to have a hard time surviving. They get marked
as incomplete or invalid, or in the related issues, the problem NOT
related to the feature is addressed and the bug closed. We seem to dance
around actually getting around to implementing this. The multiple
reports show there *is* interest in this functionality but at the moment
we are without an actual implementation.

At the moment there are multiple related blueprints:

* https://review.openstack.org/#/c/99873/ ML2 OVS: portsecurity
  extension support
* https://review.openstack.org/#/c/106222/ Add Port Security
  Implementation in ML2 Plugin
* https://review.openstack.org/#/c/97715 NFV unaddressed interfaces

The first two blueprints, besides appearing to be very similar, propose
implementing the "port security" extension currently employed by one of
the neutron plugins. It is related to this issue as it allows a port to
be configured indicating it does not want security groups to apply. This
is relevant because without an address, a security group cannot be
applied and this is treated as an error. Being able to specify
"skipping" the security group criteria gets us a port on the network
without an address, which is what happens when there is no subnet.

The third approach is, on the face of it, related in that it proposes an
interface without an address. However, on review it seems that the
intent is not necessarily in line with some of the BZs mentioned
above. Indeed there is text that seems to pretty clearly state that it
is not intended to cover the port-without-an-IP situation. As an aside,
the title in the commit message in the review could use revising.

In order to implement something that finally implements the
functionality alluded to in the above BZs in Juno, we need to settle on
a blueprint and direction. Barring the happy possibility of a resolution
beforehand, can this be made an agenda item in the next Nova and/or
Neutron meetings?

Cheers,

Brent


