settingsLogin | Registersettings

[openstack-dev] [heat][neutron] allowed_address_pairs does not work

0 votes

Hi,

I see that the neutron port resource has a property named as
allowedaddresspairs and I tried to use this property to create a port,
but seems it does not working.

I want to create a port with mac as fa:16:3e:05:d5:9f and ip as
192.168.0.58, but after create with a heat template, the final neutron port
mac is fa:16:3e:01:45:bb and ip is 192.168.0.62, can someone show me where
is wrong in my configuration?

Also allowedaddresspairs is a list, does it means that I can create a
port with multiple mac and ip address, if this is the case, then when
create a VM with this port, does it mean that the VM can have multiple
mac&ip?

[root@prsdemo2 ~]# cat port-3.yaml
heattemplateversion: 2013-05-23

description: >
HOT template to create a new neutron network plus a router to the public
network, and for deploying two servers into the new network. The template
also
assigns floating IP addresses to each server so they are routable from the
public network.

resources:

server1port:
type: OS::Neutron::Port
properties:
allowed
addresspairs:
- mac
address: "fa:16:3e:05:d5:9f"
ipaddress: "192.168.0.58"
network: "demonet"
[root@prsdemo2 ~]# heat stack-create -f ./port-3.yaml p3
+--------------------------------------+------------+--------------------+----------------------+
| id | stack
name | stackstatus |
creation
time |
+--------------------------------------+------------+--------------------+----------------------+
| 234d512c-4c90-4d4e-8d1c-ccf272254477 | p3 | CREATEINPROGRESS |
2015-03-03T14:35:49Z |
+--------------------------------------+------------+--------------------+----------------------+
[root@prsdemo2 ~]# heat stack-list
+--------------------------------------+------------+-----------------+----------------------+
| id | stackname | stackstatus |
creationtime |
+--------------------------------------+------------+-----------------+----------------------+
| 234d512c-4c90-4d4e-8d1c-ccf272254477 | p3 | CREATE
COMPLETE |
2015-03-03T14:35:49Z |
+--------------------------------------+------------+-----------------+----------------------+
[root@prsdemo2 ~]# neutron port-list
+--------------------------------------+------------------------------------------+-------------------+-------------------------------------------------------------------------------------+
| id |
name | macaddress |
fixed
ips
|
+--------------------------------------+------------------------------------------+-------------------+-------------------------------------------------------------------------------------+
| 8d20b3a4-024a-4613-9d26-3d49534a839c |
p3-server1port-op3w5yzyks5i | fa:16:3e:01:45:bb |
{"subnet
id": "4e7b6983-7364-4a71-8d9c-580d88fd4797", "ip_address":
"192.168.0.62"} |
+--------------------------------------+------------------------------------------+-------------------+-------------------------------------------------------------------------------------+

--
Thanks,

Jay Lau (Guangya Liu)


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
asked Mar 3, 2015 in openstack-dev by Jay_Lau (7,320 points)   1 8 11

1 Response

0 votes

While it is entirely possible that the feature is broken, it seems that in
this case you're expecting the allowedaddresspairs to populate fixed_ips.
Neutron does many crazy and unreasonable things but asking you to pass an
attribute in the request to populate another attribute is not one of these!

Basically allowed address pairs are MAC/IP pairs for which you allow
traffic on a port, but that are not managed by neutron. This means that, in
your case, if you defined an additional IP address and set it to 192.168.0.58
in your instance, Neutron would allow traffic from or to that address. If
you did not explicitly add that address in allowedaddresspairs neutron
would block traffic to and from it.
From the CLI, you should be able to see allowed address pairs configured on
a port with neutron port-show

If you wanted to configure 192.168.0.58 as your port's IP address and let
neutron manage it, you should be able to use the fixed_ips
attribute, although I don't know how to leverage that through Heat
templates.

Salvatore

On 3 March 2015 at 15:41, Jay Lau jay.lau.513@gmail.com wrote:

Hi,

I see that the neutron port resource has a property named as
allowedaddresspairs and I tried to use this property to create a port,
but seems it does not working.

I want to create a port with mac as fa:16:3e:05:d5:9f and ip as
192.168.0.58, but after create with a heat template, the final neutron port
mac is fa:16:3e:01:45:bb and ip is 192.168.0.62, can someone show me where
is wrong in my configuration?

Also allowedaddresspairs is a list, does it means that I can create a
port with multiple mac and ip address, if this is the case, then when
create a VM with this port, does it mean that the VM can have multiple
mac&ip?

[root@prsdemo2 ~]# cat port-3.yaml
heattemplateversion: 2013-05-23

description: >
HOT template to create a new neutron network plus a router to the public
network, and for deploying two servers into the new network. The
template also
assigns floating IP addresses to each server so they are routable from
the
public network.

resources:

server1port:
type: OS::Neutron::Port
properties:
allowed
addresspairs:
- mac
address: "fa:16:3e:05:d5:9f"
ip_address: "192.168.0.58"
network: "demonet"
[root@prsdemo2 ~]# heat stack-create -f ./port-3.yaml p3

+--------------------------------------+------------+--------------------+----------------------+
| id | stackname | stackstatus |
creation_time |

+--------------------------------------+------------+--------------------+----------------------+
| 234d512c-4c90-4d4e-8d1c-ccf272254477 | p3 | CREATEINPROGRESS |
2015-03-03T14:35:49Z |

+--------------------------------------+------------+--------------------+----------------------+
[root@prsdemo2 ~]# heat stack-list

+--------------------------------------+------------+-----------------+----------------------+
| id | stackname | stackstatus |
creation_time |

+--------------------------------------+------------+-----------------+----------------------+
| 234d512c-4c90-4d4e-8d1c-ccf272254477 | p3 | CREATE_COMPLETE |
2015-03-03T14:35:49Z |

+--------------------------------------+------------+-----------------+----------------------+
[root@prsdemo2 ~]# neutron port-list

+--------------------------------------+------------------------------------------+-------------------+-------------------------------------------------------------------------------------+
| id |
name | macaddress |
fixed
ips
|

+--------------------------------------+------------------------------------------+-------------------+-------------------------------------------------------------------------------------+
| 8d20b3a4-024a-4613-9d26-3d49534a839c |
p3-server1port-op3w5yzyks5i | fa:16:3e:01:45:bb |
{"subnet
id": "4e7b6983-7364-4a71-8d9c-580d88fd4797", "ip_address":
"192.168.0.62"} |

+--------------------------------------+------------------------------------------+-------------------+-------------------------------------------------------------------------------------+

--
Thanks,

Jay Lau (Guangya Liu)


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
responded Mar 3, 2015 by Salvatore_Orlando (12,280 points)   2 6 9
...