← Back to team overview

openstack team mailing list archive

Re: quantum l2 networks

 

There is no port_security_enabled config option. This is an attribute on a
port that is used if the plugin you are using implements the
port_security_extension (which is only nvp at the time).

I'm guessing your issue is the network you are trying to boot an instance
on does not have a subnet associated with it.

Aaron


On Sat, Jun 8, 2013 at 12:37 AM, daniels cai <danxcai@xxxxxxxxx> wrote:

> hi Aaron
> i set the following in nova.conf
>
> security_group_api=quantum
> firewall_driver=nova.virt.firewall.NoopFirewallDriver
>
> it works, but when i try to attach a security group to an exist vm , api
> throw an error :
>
> "Network requires port_security_enabled and subnet associated in order to
> apply security groups."
>
> the i add port_security_enabled in quantum.conf in all nodes.
> "port_security_enabled=True"
>
>  with no luck, it still doesn't work .
>
> Any advice ? does quantum security group support this feature?
>
> Daniels Cai
> http://dnscai.com
>
>
> 2013/6/8 Aaron Rosen <arosen@xxxxxxxxxx>
>
>> Hi Joe,
>>
>> I thought setting firewall_driver =
>> quantum.agent.firewall.NoopFirewallDriver would do the trick? Also, the ovs
>> plugin does not do any mac spoof filtering at the OVS level. Those are all
>> done in iptables.
>>
>> Aaron
>>
>> On Fri, Jun 7, 2013 at 8:22 PM, Joe Breu <joseph.breu@xxxxxxxxxxxxx>wrote:
>>
>>> Hello,
>>>
>>> Is there a way to create a quantum l2 network using OVS that does not
>>> have MAC and IP spoofing enabled either in iptables or OVS?  One workaround
>>> that we found was to set the OVS plugin firewall_driver =
>>> quantum.agent.firewall.NoopFirewallDriver to security_group_api=nova
>>> however this is far from ideal and doesn't solve the problem of MAC spoof
>>> filtering at the OVS level.
>>>
>>> Thanks for any help
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>

Follow ups

References