[Openstack-operators] Is the neutron port-security extension available for ML2 linux-bridge?
Charles 'Boyo
charlesboyo at gmail.com
Tue Jul 28 00:46:25 UTC 2015
Hello.
I have an OpenStack Juno environment and I am trying to integrate my Nova
instances with other physical machines on the same network. Neutron
networking is based on ML2 linux-bridge plugin with VLAN segmentation.
The security-groups feature is installing anti-spoof rules for non-instance
traffic and DHCP server traffic. This is getting in the way of using
virtual instances as routers and DHCP servers.
The port-security extension is supposed to make it possible to disable the
automatic iptables rules but attempts to use the port_security_enabled
attribute while creating ports end with an error: Unrecognized attribute(s)
'port_security_enabled' (HTTP 400) (Request-ID:
req-eb10a181-4109-40ca-ad54-2d3f2a82285a)
The port-security extension was implemented for ML2 with OVS in Kilo but I
cannot seem to find any similar implementation for linux-bridge.
Please can you point me in the direction of similar functionality for ML2
with the linux-bridge mechanism driver? Or it is forbidden for any reason?
Charles
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150728/a8f66df1/attachment.html>
More information about the OpenStack-operators
mailing list