Open Stack

I have a system which is happily using vxlan type driver on icehouse
on ml2 / ovs.

I would now like to take on of the physical interfaces (eth1) and make
it available in a 'tap' to a specific instance. Imagine running
'snort' here.

So i added the 'type_driver' flat:
[ml2]
type_drivers = vxlan,flat,local
tenant_network_types = vxlan
mechanism_drivers = openvswitch

I added the bridge_mapping in ovs (this i'm not sure of given the
tunnel_type=vxlan?)
[ovs]
tenant_network_type = vxlan
tunnel_type = vxlan
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 172.16.100.2
bridge_mappings = physnet1:br-ex,eth1:br-eth1,eth3:br-eth3
enable_tunneling=True

I ran
ovs-vsctl add-br br-eth1
ovs-vsctl add-port br-eth1 eth1

and I ran:
neutron net-create --shared --provider:network_type=flat
--provider:physical_network=br-eth1 eth1

so far so good.
But i cannot get an instance to bind to this network. I've tried
manually creating a port and using --nic port-id=, i've tried letting
it add it. But i get Unexpected vif_type=binding_failed no matter what
i do.

In nova.conf I have
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

and i have port security disable fwiw.

Do someone have a recipe they want to share for this? Obviously this
works best on an 'all-in-one' which is what I have. Is someone else
out there having an instance directly bound to a physical port via a
bridge?