Disabling port security
By default, Neutron applies antispoofing rules to all ports to ensure that unexpected or undesired traffic cannot originate from or pass through a port. This includes rules that prohibit instances from running DHCP servers or acting as routers. To address the latter, the allowed-address-pairs extension can be used to allow additional subnets and MAC addresses through the port. However, additional functionality may be required that cannot be addressed by the allowed-address-pairs extension.
The Kilo release introduced the port security extension for the ML2 plugin, which allows all packet filtering to be disabled on a port. This is especially useful when deploying instances for NFV purposes. The port security extension requires additional configuration, which will be discussed in the following sections.
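A port with port security disabled has no antispoofing rules, so it helps to know which ports are in that state and which ones carry unusually wide allowed-address-pairs entries. The following audit sketch is an added example, not code from the original text or from Neutron. It assumes port objects shaped like the Neutron API port listing; the sample data, the category names and the 256-address threshold are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: port objects shaped like the Neutron API port listing.
# IDs and addresses are made up for illustration.
SAMPLE_PORTS = json.loads("""
[
  {"id": "port-web-01", "port_security_enabled": true,
   "security_groups": ["sg-web"], "allowed_address_pairs": []},
  {"id": "port-vrrp-01", "port_security_enabled": true,
   "security_groups": ["sg-lb"],
   "allowed_address_pairs": [{"ip_address": "10.0.0.100",
                              "mac_address": "fa:16:3e:00:00:01"}]},
  {"id": "port-rtr-01", "port_security_enabled": true,
   "security_groups": ["sg-rtr"],
   "allowed_address_pairs": [{"ip_address": "0.0.0.0/0"}]},
  {"id": "port-nfv-01", "port_security_enabled": false,
   "security_groups": [], "allowed_address_pairs": []}
]
""")

def classify_port(port, max_hosts=256):
    """Return 'unfiltered', 'wide-pair' or 'default' for one port dict."""
    # Assumption: a port without the attribute keeps the default filtering.
    if not port.get("port_security_enabled", True):
        return "unfiltered"
    for pair in port.get("allowed_address_pairs") or []:
        # An entry may be a single address or a CIDR; both parse as a network.
        net = ipaddress.ip_network(pair["ip_address"], strict=False)
        if net.num_addresses > max_hosts:
            return "wide-pair"
    return "default"

def audit_ports(ports, max_hosts=256):
    """Group port IDs by antispoofing posture, for review."""
    report = {"unfiltered": [], "wide-pair": [], "default": []}
    for port in ports:
        report[classify_port(port, max_hosts)].append(port["id"])
    return report

if __name__ == "__main__":
    for posture, ids in audit_ports(SAMPLE_PORTS).items():
        print(f"{posture:10} {', '.join(ids) or '-'}")
```

Ports reported as unfiltered or wide-pair are the ones to check against an approved list, such as known NFV instances.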
Configuring Neutron
To enable the port security extension, edit the ML2 configuration file on the controller node at /etc/neutron/plugins/ml2/ml2_conf.ini, and add the following...