On Wed, Jul 1, 2015 at 12:11 PM, Ben Pfaff <b...@nicira.com> wrote:

> On Wed, Jul 01, 2015 at 11:11:05AM +0300, Gal Sagie wrote:
> > As you might know, allowed address pairs in Neutron is an extension to
> > allow a port to have more than a pair of MAC-IP addresses assigned to it.
> > This is useful for cases where a few VMs need to share a virtual MAC/IP,
> > like for VRRP, load balancing, NFV use cases and so on...
> > (Aaron, who implemented it as far as I know, can maybe elaborate)
> >
> > It's not urgent but I believe that we can support this in Neutron OVN (at
> > least for L2) by adding all the MAC addresses configured to a certain
> > logical port.
> >
> > However, when L3 is going to be introduced, we can't just also add all the
> > IP addresses, because security-wise this means that a certain IP must be
> > assigned to a certain MAC address (please correct me if I am wrong here)
> >
> > Just wanted to put this here, so when L3 design is finalized these
> > connections are also taken care of in OVN for port security.
>
> Where's the spec for allowed address pairs? It's probably pretty easy
> to implement in OVN.
>

The API developer documentation is here [1]. The BP with a link to a Google doc (this was implemented in 2013) is here [2].

[1] http://specs.openstack.org/openstack/neutron-specs/specs/api/allowed_address_pairs.html
[2] https://blueprints.launchpad.net/neutron/+spec/allowed-address-pairs

> (As an aside, I originally specified OVN port security to be more
> general and to handle L2 and L3, but I didn't like what I'd specified
> and so I dropped back to something simple and L2-only, with the idea
> being that we'd enhance it to match whatever Neutron actually wants
> later. Now is the time, I guess.)
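
The MAC-to-IP binding concern raised in this thread, as an added example that is not part of the original messages and is not OVN or Neutron code: it compares a flat check (any allowed MAC with any allowed IP) against a pair-wise check for one port. The function names and the sample port are constructed for illustration; the `mac_address`, `ip_address` and `allowed_address_pairs` fields follow the Neutron API, with the port's fixed IPs simplified to a plain list.

```python
import ipaddress

def normalize_mac(mac):
    return mac.lower().replace("-", ":")

def build_bindings(port):
    """Return [(mac, network)] for the port's own addresses plus its allowed address pairs."""
    port_mac = normalize_mac(port["mac_address"])
    bindings = [(port_mac, ipaddress.ip_network(ip)) for ip in port["fixed_ips"]]
    for pair in port.get("allowed_address_pairs", []):
        # Neutron uses the port's own MAC when a pair omits mac_address;
        # ip_address may be a single address or a CIDR.
        mac = normalize_mac(pair.get("mac_address", port_mac))
        bindings.append((mac, ipaddress.ip_network(pair["ip_address"], strict=False)))
    return bindings

def allowed_flat(bindings, src_mac, src_ip):
    """Weak check: membership in the MAC set and in the IP set, tested independently."""
    ip = ipaddress.ip_address(src_ip)
    macs = {mac for mac, _ in bindings}
    return normalize_mac(src_mac) in macs and any(ip in net for _, net in bindings)

def allowed_paired(bindings, src_mac, src_ip):
    """Strict check: the source IP must fall in a network bound to this exact MAC."""
    ip = ipaddress.ip_address(src_ip)
    mac = normalize_mac(src_mac)
    return any(m == mac and ip in net for m, net in bindings)

# Constructed sample port: one fixed address plus a shared VRRP-style virtual MAC/IP.
PORT = {
    "mac_address": "fa:16:3e:00:00:01",
    "fixed_ips": ["10.0.0.11"],
    "allowed_address_pairs": [
        {"ip_address": "10.0.0.100", "mac_address": "00:00:5E:00:01:01"},
    ],
}

if __name__ == "__main__":
    b = build_bindings(PORT)
    for mac, ip in [("fa:16:3e:00:00:01", "10.0.0.11"),    # port's own pair
                    ("00:00:5e:00:01:01", "10.0.0.100"),   # virtual pair
                    ("fa:16:3e:00:00:01", "10.0.0.100")]:  # mixed: real MAC, virtual IP
        print(mac, ip, "flat:", allowed_flat(b, mac, ip), "paired:", allowed_paired(b, mac, ip))
```
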