[openstack-dev] Chalenges with highly available service VMs

Ian Wells ijw.ubuntu at cack.org.uk
Thu Jul 18 10:32:16 UTC 2013


On 18 July 2013 00:45, Aaron Rosen <arosen at nicira.com> wrote:
> Hi Ian,
>
> For shared networks if the network is set to port_security_enabled=True then
> the tenant will not be able to remove port_security_enabled from their port
> if they are not the owner of the network. I believe this is the correct
> behavior we want. In addition, only admin's are able to create shared
> networks by default.

Can you point me to the documentation for port_security_enabled?

> I've created the following blueprint
> https://blueprints.launchpad.net/neutron/+spec/allowed-address-pairs and
> doc:
> https://docs.google.com/document/d/1hyB3dIkRF623JlUsvtQFo9fCKLsy0gN8Jf6SWnqbWWA/edit?usp=sharing
> which will provide us a way to do this. It would be awesome if you could
> check it out and let me know what you think.

I'd still like the simpler and more general purpose 'disable spoofing'
option as well.  That doesn't allow MAC spoofing and it doesn't work
for what I'm up to.
-- 
Ian.



More information about the OpenStack-dev mailing list