<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=koi8-r">
<style type="text/css" id="owaParaStyle">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body fpstyle="1" ocsi="0">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Hi,<br>
<br>
Indeed ARP spoofing is prevented by default, but AFAIK, if you want it enabled for a port / network, you can simply disable the security groups on that neutron network / port.<br>
<br>
Best regards,<br>
<br>
Claudiu Belu<br>
<br>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div id="divRpF369882" style="direction: ltr;"><font size="2" face="Tahoma" color="#000000"><b>From:</b> Татьяна Холкина [holkina@selectel.ru]<br>
<b>Sent:</b> Tuesday, March 13, 2018 12:54 PM<br>
<b>To:</b> openstack-dev@lists.openstack.org<br>
<b>Subject:</b> [openstack-dev] [neutron] Prevent ARP spoofing<br>
</font><br>
</div>
<div></div>
<div>
<div dir="ltr">Hi,
<div>I'm using an ocata release of OpenStack where the option prevent_arp_spoofing can be managed via conf. But later in pike it was removed and it was decided to prevent spoofing by default.<br>
</div>
<div>There are cases where security features should be disabled. As I can see now we can use a port_security option for these cases. But this option should be set for a particular port or network on create. The default value is set to True [1] and it<span style="color:rgb(34,34,34); font-family:arial,sans-serif; font-size:small; font-style:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; background-color:rgb(255,255,255); float:none; display:inline">t
 is impossible to change it</span>. I'd like to suggest to get default value for port_security [2] from config option.</div>
<div>It would be nice to know your opinion.<br>
</div>
<div><br>
</div>
<div>[1] <a href="https://github.com/openstack/neutron-lib/blob/stable/queens/neutron_lib/api/definitions/port_security.py#L21" target="_blank">https://github.com/openstack/neutron-lib/blob/stable/queens/neutron_lib/api/definitions/port_security.py#L21</a></div>
<div>[2] <span style="color:rgb(34,34,34); font-family:arial,sans-serif; font-size:small; font-style:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; background-color:rgb(255,255,255); float:none; display:inline"><a href="https://github.com/openstack/neutron/blob/stable/queens/neutron/objects/extensions/port_security.py#L24" target="_blank">https://github.com/openstack/neutron/blob/stable/queens/neutron/objects/extensions/port_security.py#L24</a></span></div>
<div><span style="color:rgb(34,34,34); font-family:arial,sans-serif; font-size:small; font-style:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; background-color:rgb(255,255,255); float:none; display:inline"><br>
</span></div>
<div><span style="color:rgb(34,34,34); font-family:arial,sans-serif; font-size:small; font-style:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; background-color:rgb(255,255,255); float:none; display:inline">Best
 regards,</span></div>
<div><span style="color:rgb(34,34,34); font-family:arial,sans-serif; font-size:small; font-style:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; background-color:rgb(255,255,255); float:none; display:inline">Tatiana</span></div>
</div>
</div>
</div>
</div>
</body>
</html>