<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none"><!-- p { margin-top: 0px; margin-bottom: 0px; }--></style>
</head>
<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>Hi Charles,<br>
</p>
<p><br>
</p>
<p><span style="color: rgb(75, 75, 75); font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 14px; line-height: 19px; background-color: rgb(255, 255, 255);">>> The port-security extension was implemented for ML2 with OVS in Kilo but I cannot
seem to find any similar implementation for linux-bridge.</span><br>
</p>
<p><br>
</p>
<p><span style="font-family: Calibri, Arial, Helvetica, sans-serif;">It also works with LinuxBridge in Kilo. To gain this functionality, you'll need to upgrade the environment from Juno to Kilo.</span><br style="font-family: Calibri, Arial, Helvetica, sans-serif;">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif;"></span></p>
<p><br style="font-family: Calibri, Arial, Helvetica, sans-serif;">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif;"></span></p>
<p><span style="color: rgb(33, 33, 33); background-color: rgb(255, 255, 255); font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;"><span style="font-family: Calibri, Arial, Helvetica, sans-serif;">To enable, in the /etc/neutron/plugins/ml2/ml2_conf.ini
file, add the following </span></span><span style="color: rgb(33, 33, 33); background-color: rgb(255, 255, 255); font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;"><span style="font-family: Calibri, Arial, Helvetica, sans-serif;">under [ml2]
and restart the neutron-server service:</span></span><br style="color: rgb(33, 33, 33); font-family: 'Segoe UI', 'Segoe WP', 'Segoe UI WPC', Tahoma, Arial, sans-serif; font-size: 12pt;">
<br>
[ml2]</p>
<p>...<br style="font-size: 12pt;">
<span style="color: rgb(33, 33, 33); background-color: rgb(255, 255, 255); font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;"><span style="font-family: Calibri, Arial, Helvetica, sans-serif;">extension_drivers
<span style="background-color: rgb(255, 255, 255);">= </span></span></span><span class="currentHitHighlight" id="0.14849325362592936" name="searchHitInReadingPane" style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; background-color: rgb(255, 255, 255); color: rgb(0, 0, 0);"><span style="font-family: Calibri, Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255); color: rgb(0, 0, 0);"><span style="background-color: rgb(255, 255, 255); color: rgb(0, 0, 0);"><span style="color: rgb(0, 0, 0);">port_security</span></span></span></span><br>
</p>
<p><br>
</p>
<p>James<br>
</p>
<div style="color: rgb(33, 33, 33);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Charles 'Boyo <charlesboyo@gmail.com><br>
<b>Sent:</b> Monday, July 27, 2015 7:46 PM<br>
<b>To:</b> openstack-operators@lists.openstack.org<br>
<b>Subject:</b> [Openstack-operators] Is the neutron port-security extension available for ML2 linux-bridge?</font>
<div> </div>
</div>
<div>
<div dir="ltr">
<p style="margin:0px 0px 14px; padding:0px 5px 5px 0px; border:none; font-size:14px; line-height:1.4; font-family:'Helvetica Neue',Arial,Helvetica,sans-serif; color:rgb(75,75,75)">
Hello.</p>
<p style="margin:0px 0px 14px; padding:0px 5px 5px 0px; border:none; font-size:14px; line-height:1.4; font-family:'Helvetica Neue',Arial,Helvetica,sans-serif; color:rgb(75,75,75)">
I have an OpenStack Juno environment and I am trying to integrate my Nova instances with other physical machines on the same network. Neutron networking is based on ML2 linux-bridge plugin with VLAN segmentation.</p>
<p style="margin:0px 0px 14px; padding:0px 5px 5px 0px; border:none; font-size:14px; line-height:1.4; font-family:'Helvetica Neue',Arial,Helvetica,sans-serif; color:rgb(75,75,75)">
The security-groups feature is installing anti-spoof rules for non-instance traffic and DHCP server traffic. This is getting in the way of using virtual instances as routers and DHCP servers.</p>
<p style="margin:0px 0px 14px; padding:0px 5px 5px 0px; border:none; font-size:14px; line-height:1.4; font-family:'Helvetica Neue',Arial,Helvetica,sans-serif; color:rgb(75,75,75)">
The port-security extension is supposed to make it possible to disable the automatic iptables rules but attempts to use the port_security_enabled attribute while creating ports end with an error: Unrecognized attribute(s) 'port_security_enabled' (HTTP 400)
(Request-ID: req-eb10a181-4109-40ca-ad54-2d3f2a82285a)</p>
<p style="margin:0px 0px 14px; padding:0px 5px 5px 0px; border:none; font-size:14px; line-height:1.4; font-family:'Helvetica Neue',Arial,Helvetica,sans-serif; color:rgb(75,75,75)">
The port-security extension was implemented for ML2 with OVS in Kilo but I cannot seem to find any similar implementation for linux-bridge.</p>
<p style="margin:0px 0px 14px; padding:0px 5px 5px 0px; border:none; font-size:14px; line-height:1.4; font-family:'Helvetica Neue',Arial,Helvetica,sans-serif; color:rgb(75,75,75)">
Please can you point me in the direction of similar functionality for ML2 with the linux-bridge mechanism driver? Or it is forbidden for any reason?</p>
<p style="margin:0px 0px 14px; padding:0px 5px 5px 0px; border:none; font-size:14px; line-height:1.4; font-family:'Helvetica Neue',Arial,Helvetica,sans-serif; color:rgb(75,75,75)">
Charles</p>
</div>
</div>
</div>
</body>
</html>