
<div dir="ltr">hi Aaron <br>i set the following in nova.conf <br><br>security_group_api=quantum<br>firewall_driver=nova.virt.firewall.NoopFirewallDriver<br><br>it works, but when i try to attach a security group to an exist vm , api throw an error :<br>


<br>"Network requires port_security_enabled and subnet associated in order to apply security groups."<br><br>the i add port_security_enabled in quantum.conf in all nodes. <br>"port_security_enabled=True"<div class="gmail_default">


<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px"><br></span></div><div class="gmail_default" style><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px"> with no luck, it still doesn't work . </span></div>


<div class="gmail_default" style><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px"><br></span></div><div class="gmail_default" style><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:14px">Any advice ? does quantum security group support this feature? </span></div>


<div class="gmail_extra"><br clear="all"><div><div dir="ltr">Daniels Cai<div><a href="http://dnscai.com" target="_blank">http://dnscai.com</a></div></div></div>

<br><br><div class="gmail_quote">2013/6/8 Aaron Rosen <span dir="ltr"><<a href="mailto:arosen@nicira.com" target="_blank">arosen@nicira.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


<div dir="ltr">Hi Joe, <div><br></div><div>I thought setting firewall_driver = quantum.agent.firewall.NoopFirewallDriver would do the trick? Also, the ovs plugin does not do any mac spoof filtering at the OVS level. Those are all done in iptables. </div>


<span class="HOEnZb"><font color="#888888">

<div><br>Aaron</div></font></span><div><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 7, 2013 at 8:22 PM, Joe Breu <span dir="ltr"><<a href="mailto:joseph.breu@rackspace.com" target="_blank">joseph.breu@rackspace.com</a>></span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>

<br>

Is there a way to create a quantum l2 network using OVS that does not have MAC and IP spoofing enabled either in iptables or OVS?  One workaround that we found was to set the OVS plugin firewall_driver = quantum.agent.firewall.NoopFirewallDriver to security_group_api=nova however this is far from ideal and doesn't solve the problem of MAC spoof filtering at the OVS level.<br>


<br>

Thanks for any help<br>

<br>

<br>

_______________________________________________<br>

Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>

Post to     : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>

Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>

More help   : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>

</blockquote></div><br></div></div></div></div>

<br>_______________________________________________<br>

Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>

Post to     : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>

Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>

More help   : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>

<br></blockquote></div><br></div></div>