[Openstack-operators] Is the neutron port-security extension available for ML2 linux-bridge?

James Denton james.denton at rackspace.com
Tue Jul 28 01:48:22 UTC 2015


Hi Charles,


>> The port-security extension was implemented for ML2 with OVS in Kilo but I cannot seem to find any similar implementation for linux-bridge.


It also works with LinuxBridge in Kilo. To gain this functionality, you'll need to upgrade the environment from Juno to Kilo.


To enable, in the /etc/neutron/plugins/ml2/ml2_conf.ini file, add the following under [ml2] and restart the neutron-server service:

[ml2]
...
extension_drivers = port_security


James

________________________________
From: Charles 'Boyo <charlesboyo at gmail.com>
Sent: Monday, July 27, 2015 7:46 PM
To: openstack-operators at lists.openstack.org
Subject: [Openstack-operators] Is the neutron port-security extension available for ML2 linux-bridge?


Hello.

I have an OpenStack Juno environment and I am trying to integrate my Nova instances with other physical machines on the same network. Neutron networking is based on ML2 linux-bridge plugin with VLAN segmentation.

The security-groups feature is installing anti-spoof rules for non-instance traffic and DHCP server traffic. This is getting in the way of using virtual instances as routers and DHCP servers.

The port-security extension is supposed to make it possible to disable the automatic iptables rules but attempts to use the port_security_enabled attribute while creating ports end with an error: Unrecognized attribute(s) 'port_security_enabled' (HTTP 400) (Request-ID: req-eb10a181-4109-40ca-ad54-2d3f2a82285a)

The port-security extension was implemented for ML2 with OVS in Kilo but I cannot seem to find any similar implementation for linux-bridge.

Please can you point me in the direction of similar functionality for ML2 with the linux-bridge mechanism driver? Or is it forbidden for any reason?

Charles
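
Added example (not part of the original thread and not Neutron's own code): a Python check that the extension_drivers setting from the reply is present in ml2_conf.ini, plus an audit of which ports have anti-spoofing switched off through port_security_enabled. The sample config, the port records and the approved_ids allow-list are constructed for illustration; the port fields follow the Neutron ports API.

```python
import configparser

# Constructed sample of /etc/neutron/plugins/ml2/ml2_conf.ini (not from the thread).
SAMPLE_ML2_CONF = """
[ml2]
type_drivers = vlan
mechanism_drivers = linuxbridge
extension_drivers = port_security
"""

# Constructed records shaped like the "ports" list returned by the Neutron API.
SAMPLE_PORTS = [
    {"id": "port-a", "port_security_enabled": True, "security_groups": ["sg-1"]},
    {"id": "port-b", "port_security_enabled": False, "security_groups": []},
    {"id": "port-c", "port_security_enabled": False, "security_groups": []},
    {"id": "port-d", "security_groups": ["sg-1"]},  # attribute absent
]


def port_security_driver_enabled(conf_text):
    """Return True if port_security is listed in [ml2] extension_drivers."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    raw = parser.get("ml2", "extension_drivers", fallback="")
    drivers = [d.strip() for d in raw.split(",") if d.strip()]
    return "port_security" in drivers


def audit_ports(ports, approved_ids=()):
    """Classify ports by anti-spoofing state.

    Returns (unprotected, unknown): ids of ports with port security
    explicitly disabled that are not on the approved list (hypothetical
    allow-list of router/DHCP instances), and ids of ports where the
    attribute is missing from the record altogether.
    """
    unprotected, unknown = [], []
    for port in ports:
        state = port.get("port_security_enabled")
        if state is None:
            unknown.append(port["id"])
        elif state is False and port["id"] not in approved_ids:
            unprotected.append(port["id"])
    return unprotected, unknown


if __name__ == "__main__":
    print("driver enabled:", port_security_driver_enabled(SAMPLE_ML2_CONF))
    print("audit:", audit_ports(SAMPLE_PORTS, approved_ids={"port-b"}))
```

Ports reported as unprotected carry no anti-spoof rules, so each one should map to an instance that is meant to route or serve DHCP.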