O'Reilly logo

Learning OpenStack Networking (Neutron) - Second Edition by James Denton

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Disabling port security

By default, Neutron applies antispoofing rules to all ports to ensure that unexpected or undesired traffic cannot originate from or pass through a port. This includes rules that prohibit instances from running DHCP servers or acting as routers. To address the latter, the allowed-address-pairs extension can be used to allow additional subnets and MAC addresses through the port. However, additional functionality may be required that cannot be addressed by the allowed-address-pairs extension.

In Kilo, the port security extension was introduced for the ML2 plugin that allows all packet filtering to be disabled on a port. This is especially useful when deploying instances for NFV purposes. The port security extension requires ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required