[neutron] Disable dhcp drop rule
eblock at nde.ag
Wed Aug 19 16:42:11 UTC 2020
That sounds promising, thank you! I had noticed that option but didn’t
have a chance to look closer into it.
I’ll try that tomorrow.
Thanks for the tip!
Zitat von Ben Nemec <openstack at nemebean.com>:
> On 8/19/20 8:36 AM, Eugen Block wrote:
>> Hi *,
>> we recently upgraded our Ocata Cloud to Train and also switched
>> from linuxbridge to openvswitch.
>> One of our instances within the cloud works as DHCP server and to
>> make that work we had to comment the respective part in this file
>> on the compute node the instance was running on:
>> Now we tried the same in
>> but restarting openstack-neutron-openvswitch-agent.service didn't
>> drop that rule, the DHCP reply didn't get through. To continue with
>> our work we just dropped it manually, so we get by, but since there
>> have been a couple of years between Ocata and Train, is there any
>> smoother or better way to achieve this? This seems to be a
>> reoccuring request but I couldn't find any updates on this topic.
>> Maybe someone here can shed some light? Is there more to change
>> than those two files I mentioned?
> You might try disabling port-security on the instance's port. That's
> what we use in OVB to allow a DHCP server in an instance now.
> neutron port-update [port-id] --port_security_enabled=False
> That will drop all port security for that instance, not just the
> DHCP rule, but on the other hand it leaves the DHCP rule in place
> for any instances you don't want running DHCP servers.
>> Any pointers are highly appreciated!
>> Best regards,
More information about the openstack-discuss