Neutron port attribute enhancement

NFV and ServiceVM need extensions/enhancements for the Neutron port. This page collects use cases and requirements, which will then be broken down into actual blueprints and implementations. For non-port-related items, please refer to https://wiki.openstack.org/wiki/ServiceVM/neutron-and-other-project-items


VLAN trunkport/l2-gateway
Priority: High
Blueprints: https://blueprints.launchpad.net/neutron/+spec/vlan-aware-vms, https://blueprints.launchpad.net/neutron/+spec/l2-gateway
Reviews: https://review.openstack.org/97714, https://review.openstack.org/#/c/94612/, https://review.openstack.org/#/c/100278/, https://review.openstack.org/#/c/92541/

unfirewalled port
Description: Disable security group/anti-spoofing etc. Fix security groups so that the anti-spoofing mechanism can be disabled, allowing non-VM IP/MAC addresses in traffic from the service VMs. Security groups should be more flexible, allowing the service VMs to spoof IP or MAC addresses. Ability to disable security groups on a service VM port, at least for the ML2 OVS mechanism driver (e.g., by implementing the "port-security" extension).
Priority: High
Blueprints: https://blueprints.launchpad.net/neutron/+spec/nfv-unaddressed-interfaces, https://blueprints.launchpad.net/neutron/+spec/ml2-ovs-portsecurity
Reviews: https://review.openstack.org/97715, https://review.openstack.org/#/c/99873/
Use case: router/VPN VM

unaddressed port
Description: Allow port creation without an IP/MAC address.
Priority: Middle?
Use case: A FW that is deployed in bump-in-the-wire mode or tap mode (no IP address, no MAC address); changing the network/subnet of a vNIC (Neutron port) to another without deleting the vNIC, in order to avoid unplugging/plugging the NIC (no IP address, MAC address kept during the unconnected state).

sharing mac/IP address
Description: Share a (virtual) MAC/IP address among multiple service VM instances, or even between the two ports on the same VM. Redundant ports back each other up, and both of them have the same MAC and IP.

port without subnet
Description: A port that isn't attached to any subnet, and thus a port without an IP address.

Unplugged port
Description: Allow port creation without associating any network/subnetwork. Allow VM creation with such a port. Later those ports will be plugged into a network/subnet and given an IP address.

routing/VPN VM

Use case

A service VM implements some service, e.g., routing or VPN. That VM will then be connected to a number of Neutron networks/subnets in some tenant. To provide its service, the VM must be able to FORWARD traffic (i.e., packets come in on one VM interface and the same packets leave on another one).


It must be possible to disable security groups on Neutron ports used by a service VM. An extension exists for this (https://github.com/openstack/neutron/blob/master/neutron/extensions/portsecurity.py); however, it is not implemented by the free plugins such as ML2, Openvswitch, etc.
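
As an added illustration (not Neutron code and not part of the original page), the following simplified model shows why a per-port anti-spoofing check drops traffic forwarded by a routing service VM, and what changes when port security is disabled on that port. The `Port` class, `egress_allowed`, `demo` and the sample addresses are constructed for this example; `allowed_address_pairs` models Neutron's allowed-address-pairs extension, which this page does not discuss, as a narrower exception for comparison.

```python
# Simplified model of per-port egress anti-spoofing (illustrative assumption,
# not Neutron's implementation).
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Port:
    mac: str
    fixed_ips: list
    port_security_enabled: bool = True  # attribute of the portsecurity extension
    # (mac or None, cidr) pairs, modelled on the allowed-address-pairs extension
    allowed_address_pairs: list = field(default_factory=list)


def egress_allowed(port, src_mac, src_ip):
    """Return True if a frame sent by the VM through `port` passes the filter."""
    if not port.port_security_enabled:
        return True  # filtering off: any source MAC/IP leaves the port
    src = ip_address(src_ip)
    permitted = [(port.mac, ip_network(ip)) for ip in port.fixed_ips]
    permitted += [(mac or port.mac, ip_network(cidr))
                  for mac, cidr in port.allowed_address_pairs]
    return any(src_mac.lower() == mac.lower() and src in net
               for mac, net in permitted)


# Constructed sample: a router VM port on 10.0.1.0/24 forwards a packet that
# originated from a host on another subnet (10.0.2.7).
ROUTER_MAC = "fa:16:3e:00:00:01"
FORWARDED_SRC = "10.0.2.7"


def demo():
    default = Port(ROUTER_MAC, ["10.0.1.1"])
    paired = Port(ROUTER_MAC, ["10.0.1.1"],
                  allowed_address_pairs=[(None, "10.0.2.0/24")])
    unfiltered = Port(ROUTER_MAC, ["10.0.1.1"], port_security_enabled=False)
    return {
        "own_address": egress_allowed(default, ROUTER_MAC, "10.0.1.1"),
        "forwarded_default": egress_allowed(default, ROUTER_MAC, FORWARDED_SRC),
        "forwarded_paired": egress_allowed(paired, ROUTER_MAC, FORWARDED_SRC),
        "forwarded_unfiltered": egress_allowed(unfiltered, ROUTER_MAC, FORWARDED_SRC),
        "paired_other_source": egress_allowed(paired, ROUTER_MAC, "192.0.2.9"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:22} {'pass' if ok else 'drop'}")
```

With port security disabled the model passes every source address, whereas the address-pair port still drops sources outside the listed range.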

