Tacker/neutron-port-attributes
Contents
Neutron port attribute enhancement
NFV and ServiceVM need extensions/enhancements for neutron port. With this page, use cases/requirements are collected and then they will be broken down to actual blueprints and implemtations.
Use case 1
Service VM implements some service, e.g., routing or VPN. That VM will then be connected to a number of Neutron Networks/Subnets in some tenant. To provide its service the VM must be able to FORWARD traffic (i.e., packets come in on one VM interface and same packets leave on another one).
Requirement
It must be possible to disable security groups on Neutron Ports used by a service VM. There exists an extension for this: https://github.com/openstack/neutron/blob/master/neutron/extensions/portsecurity.py However it is not implemented by the free plugins like ML2, Openvswitch etc.
Use case
Requirement
Requirement | Description | Priority | Blueprint Link | spec link | Patch Link |
---|---|---|---|---|---|
VLAN trunkport/l2-gateway | High | https://blueprints.launchpad.net/neutron/+spec/vlan-aware-vms, https://blueprints.launchpad.net/neutron/+spec/l2-gateway | https://review.openstack.org/97714 https://review.openstack.org/#/c/94612/ | https://review.openstack.org/#/c/92541/ | |
unfirewalled port | disable security group/anti-spoofing etc | High | https://blueprints.launchpad.net/neutron/+spec/l2-gateway https://blueprints.launchpad.net/neutron/+spec/vlan-aware-vms | ||
unaddressed port | allow port creation without IP/MAC address | ||||
sharing mac/IP addres | share a (virtual) mac/IP address by multiple service VM instances or even the two ports on the same VM |