openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #24307
Re: quantum l2 networks
Settting this in nova.conf should disable that but then your security
groups won't work.
firewall_driver = nova.virt.firewall.NoopFirewallDriver
On Sat, Jun 8, 2013 at 12:01 PM, Joe Breu <joseph.breu@xxxxxxxxxxxxx> wrote:
> Hi Aaron,
>
> Thanks for the response. It looks like it is the nwfilters in
> nova-compute that are making this a pain for me.
>
>
>
> On Jun 7, 2013, at 11:11 PM, Aaron Rosen wrote:
>
> Hi Joe,
>
> I thought setting firewall_driver =
> quantum.agent.firewall.NoopFirewallDriver would do the trick? Also, the ovs
> plugin does not do any mac spoof filtering at the OVS level. Those are all
> done in iptables.
>
> Aaron
>
> On Fri, Jun 7, 2013 at 8:22 PM, Joe Breu <joseph.breu@xxxxxxxxxxxxx>wrote:
>
>> Hello,
>>
>> Is there a way to create a quantum l2 network using OVS that does not
>> have MAC and IP spoofing enabled either in iptables or OVS? One workaround
>> that we found was to set the OVS plugin firewall_driver =
>> quantum.agent.firewall.NoopFirewallDriver to security_group_api=nova
>> however this is far from ideal and doesn't solve the problem of MAC spoof
>> filtering at the OVS level.
>>
>> Thanks for any help
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>
>
>
References