openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #24299
Re: quantum l2 networks
hi Aaron
i set the following in nova.conf
security_group_api=quantum
firewall_driver=nova.virt.firewall.NoopFirewallDriver
it works, but when i try to attach a security group to an exist vm , api
throw an error :
"Network requires port_security_enabled and subnet associated in order to
apply security groups."
the i add port_security_enabled in quantum.conf in all nodes.
"port_security_enabled=True"
with no luck, it still doesn't work .
Any advice ? does quantum security group support this feature?
Daniels Cai
http://dnscai.com
2013/6/8 Aaron Rosen <arosen@xxxxxxxxxx>
> Hi Joe,
>
> I thought setting firewall_driver =
> quantum.agent.firewall.NoopFirewallDriver would do the trick? Also, the ovs
> plugin does not do any mac spoof filtering at the OVS level. Those are all
> done in iptables.
>
> Aaron
>
> On Fri, Jun 7, 2013 at 8:22 PM, Joe Breu <joseph.breu@xxxxxxxxxxxxx>wrote:
>
>> Hello,
>>
>> Is there a way to create a quantum l2 network using OVS that does not
>> have MAC and IP spoofing enabled either in iptables or OVS? One workaround
>> that we found was to set the OVS plugin firewall_driver =
>> quantum.agent.firewall.NoopFirewallDriver to security_group_api=nova
>> however this is far from ideal and doesn't solve the problem of MAC spoof
>> filtering at the OVS level.
>>
>> Thanks for any help
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
Follow ups
References