openstack team mailing list archive

[daniels cai <danxcai@xxxxxxxxx>]

hi Aaron
i set the following in nova.conf

security_group_api=quantum
firewall_driver=nova.virt.firewall.NoopFirewallDriver

it works, but when i try to attach a security group to an exist vm , api
throw an error :

"Network requires port_security_enabled and subnet associated in order to
apply security groups."

the i add port_security_enabled in quantum.conf in all nodes.
"port_security_enabled=True"

 with no luck, it still doesn't work .

Any advice ? does quantum security group support this feature?

Daniels Cai
http://dnscai.com


2013/6/8 Aaron Rosen <arosen@xxxxxxxxxx>

> Hi Joe,
>
> I thought setting firewall_driver =
> quantum.agent.firewall.NoopFirewallDriver would do the trick? Also, the ovs
> plugin does not do any mac spoof filtering at the OVS level. Those are all
> done in iptables.
>
> Aaron
>
> On Fri, Jun 7, 2013 at 8:22 PM, Joe Breu <joseph.breu@xxxxxxxxxxxxx>wrote:
>
>> Hello,
>>
>> Is there a way to create a quantum l2 network using OVS that does not
>> have MAC and IP spoofing enabled either in iptables or OVS?  One workaround
>> that we found was to set the OVS plugin firewall_driver =
>> quantum.agent.firewall.NoopFirewallDriver to security_group_api=nova
>> however this is far from ideal and doesn't solve the problem of MAC spoof
>> filtering at the OVS level.
>>
>> Thanks for any help
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>