Disabling port security
By default, Neutron applies anti-spoofing rules to all ports to ensure that unexpected or undesired traffic cannot originate from or pass through a port. This includes rules that prohibit instances from running DHCP servers or from acting as routers. To address the latter, the allowed-address-pairs extension can be used to allow additional IPs, subnets, and MAC addresses through the port. However, additional functionality may be required that cannot be addressed by the allowed-address-pairs extension.
In the Kilo release of OpenStack, the port security extension was introduced for the ML2 plugin, which allows all packet filtering to be disabled on a port. This includes default rules that prevent IP and MAC spoofing ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access