[openstack-dev] [Neutron] How to set port_filter in port binding?

Alexandre Levine alevine at cloudscaling.com
Thu Sep 25 20:59:08 UTC 2014


Hi All,

I'm looking for a way to set port_filter flag to False for port binding. 
Is there a way to do this in IceHouse or in current Juno code? I use 
devstack with the default ML2 plugin and configuration.

According to this guide 
(http://docs.openstack.org/api/openstack-network/2.0/content/binding_ext_ports.html) 
it should be done via binding:profile but it gets only recorded in the 
dictionary of binding:profile and doesn't get reflected in vif_details 
as supposed to.

I tried to find any code in Neutron that can potentially do this 
transferring from incoming binding:profile into binding:vif_details and 
found none.

I'd be very grateful if anybody can point me in the right direction.

And by the by the reason I'm trying to do this is because I want to use 
one instance as NAT for another one in private subnet. As a result of 
ping 8.8.8.8 from private instance to NAT instance the reply gets 
Dropped by the security rule in iptables on TAP interface of NAT 
instance because the source is different from the NAT instance IP. So I 
suppose that port_filter is responsible for this behavior and will 
remove this restriction in iptables.

Best regards,
   Alex Levine



More information about the OpenStack-dev mailing list