Support allowed address pairs for Dragonflow

Registered by yuan wei on 2016-05-30

Allowed address pairs feature allows one to add additional ip/mac address pairs on a port to allow traffic that matches those specified values. In current implement, security module like port security and security group will restrict packets sent/received from a VM port must have the fixed ip/mac address of this VM port. Besides, L2 and L3 transmission will forward packets only according those fixed addresses. Those module should make some changes to support allowed address pairs.

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
yuan wei
Direction:
Needs approval
Assignee:
yuan wei
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/dragonflow-allowed-address-pairs,n,z

Spec provided here: https://review.openstack.org/#/c/322799/
    Add allowed address pairs spec

Spec provided here: https://review.openstack.org/#/c/334287/
    Modify allowed address pairs spec file

Gerrit topic: https://review.openstack.org/#q,topic:bp/allowed-address-pairs,n,z

Addressed by: https://review.openstack.org/339975
    add active detection app for allowed address pairs

Addressed by: https://review.openstack.org/394282
    Moved config options of metadata_service_app

Gerrit topic: https://review.openstack.org/#q,topic:sg_support_allowed_address_pairs,n,z

Addressed by: https://review.openstack.org/398889
    SGApp support allowed address pairs

Addressed by: https://review.openstack.org/435690
    add L2 app process when active port events happened

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.