Merge "complete api-ref for addr pairs and port security"

Zuul 2017-10-17 16:01:50 +00:00 committed by Gerrit Code Review
commit b718a497d5
13 changed files with 87 additions and 31 deletions


@ -69,6 +69,19 @@ The ``dns_domain`` of a network in conjunction with the ``dns_name`` attribute
of its ports will be published in an external DNS service when Neutron is
configured to integrate with such a service.
Port security
=============
The ``port-security`` extension adds the ``port_security_enabled`` boolean
attribute to networks. At the network level, ``port_security_enabled``
defines the default value for new ports attached to the network; they will
inherit the value of their network's ``port_security_enabled`` unless
explicitly set on the port itself. While the default value for
``port_security_enabled`` is ``true``, this can be changed by updating the
respective network. Note that changing a value of ``port_security_enabled``
on a network, does not cascade the value to ports attached to the network.
Show network details
====================
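Review bot: The new "Port security" section explains how ports inherit ``port_security_enabled`` but never states what the attribute controls, so a reader cannot tell what is lost by setting it to ``false``. I would add a sentence such as `When ``port_security_enabled`` is ``false``, security group rules and anti-spoofing rules are not applied to the port.` (wording to be confirmed against the extension's behaviour). The closing note about the value not cascading is the operationally important part: it should say outright that ports already attached keep their current value and have to be updated individually. The comma after "on a network" should also be dropped.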


@ -572,27 +572,25 @@ alias:
type: string
allowed_address_pairs:
description: |
A set of zero or more allowed address pairs.
An address pair consists of an IP address range and MAC address
with the format of
``{"ip_address": "<IP address or CIDR>", "mac_address": "<MAC address>"}``.
A server connected to the port can send a packet with source address
which matches one of the specified allowed address pairs.
A set of zero or more allowed address pair objects each where address pair
object contains an ``ip_address`` and ``mac_address``. While the
``ip_address`` is required, the ``mac_address`` will be taken from the
port if not specified. The value of ``ip_address`` can be an IP Address
or a CIDR (if supported by the underlying extension plugin).
A server connected to the port can send a packet with source address which
matches one of the specified allowed address pairs.
in: body
required: true
type: array
allowed_address_pairs-request:
description: |
A set of zero or more allowed address pairs.
An address pair consists of an IP address range and MAC address
with the format of
``{"ip_address": "<IP address or CIDR>", "mac_address": "<MAC address>"}``.
A server connected to the port can send a packet with source address
which matches one of the specified allowed address pairs.
The default is an empty list.
For each address pair, ``ip_address`` is required and IP address or
CIDR can be specified. ``mac_address`` is optional and if unspecified
the MAC address of the port is used as default.
A set of zero or more allowed address pair objects each where address pair
object contains an ``ip_address`` and ``mac_address``. While the
``ip_address`` is required, the ``mac_address`` will be taken from the
port if not specified. The value of ``ip_address`` can be an IP Address
or a CIDR (if supported by the underlying extension plugin).
A server connected to the port can send a packet with source address which
matches one of the specified allowed address pairs.
in: body
required: false
type: array
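Review bot: The rewritten ``allowed_address_pairs-request`` description appears to drop the sentence `The default is an empty list.` that the previous text carried (sides inferred from the hunk counts, since the +/- column is lost on this page). The default matters for a request parameter marked ``required: false`` and should be kept. The opening clause "objects each where address pair object contains" is ungrammatical in both descriptions; `A set of zero or more allowed address pair objects, each containing an ``ip_address`` and an optional ``mac_address`` field.` reads cleanly. Because a CIDR lets the port send from every address in the range, the description could also advise keeping the prefix as narrow as the use case allows.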


@ -15,8 +15,6 @@ The extension defines several attributes whose names have a prefix
``binding:`` including ``binding:host_id``, ``binding:vnic_type``,
``binding:vif_type``, ``binding:vif_details``, and ``binding:profile``.
|
Data plane status extension
===========================
@ -46,6 +44,25 @@ extension must be used in conjunction with the ``dns-integration`` extension.
When enabled and set, a port level ``dns_domain`` take precedence over a
``dns_domain`` specified in the port's network allowing per-port DNS domains.
Port security
=============
The ``port-security`` extension adds the ``port_security_enabled`` boolean
attribute to ports. If a ``port-security`` value is not specified during
port creation, a port will inherit the ``port_security_enabled`` from the
network its connected to.
Allowed address pairs
=====================
The ``allowed-address-pairs`` extension adds an ``allowed_address_pairs``
attribute to ports. The value of ``allowed_address_pairs`` is an array of
allowed address pair objects, each having an ``ip_address`` and a
``mac_address``. The set of allowed address pairs defines IP and MAC address
that the port can use when sending packets if ``port_security_enabled`` is
``true`` (see the ``port-security`` extension). Note that while the
``ip_address`` is required in each allowed address pair, the ``mac_address``
is optional and will be taken from the port if not specified.
Show port details
=================
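Review bot: In the added "Port security" paragraph of the second hunk, "If a ``port-security`` value is not specified" names the extension alias where the attribute is meant. It should read `If ``port_security_enabled`` is not specified during port creation,` and "its connected to" should be "it is connected to". The "Allowed address pairs" paragraph ties the pairs to ``port_security_enabled`` being ``true`` but leaves open what happens when it is ``false``; one sentence saying whether the pairs are then ignored or the request is rejected would close that gap. "IP and MAC address" should be plural.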


@ -6,6 +6,7 @@
"admin_state_up": true,
"dns_domain": "",
"mtu": 1500,
"port_security_enabled": true,
"project_id": "9bacb3c5d39d41a79512987f338cf177",
"tenant_id": "9bacb3c5d39d41a79512987f338cf177",
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",


@ -17,6 +17,7 @@
"shared": false,
"id": "4e8e5957-649f-477b-9e5b-f1f75b21c03c",
"provider:segmentation_id": 2,
"description": ""
"description": "",
"port_security_enabled": true
}
}


@ -21,7 +21,8 @@
"tenant_id": "4fd44f30292945e481c7b8a0c8908869",
"updated_at": "2016-03-08T20:19:41",
"vlan_transparent": false,
"description": ""
"description": "",
"port_security_enabled": true
},
{
"admin_state_up": true,
@ -44,7 +45,8 @@
"tenant_id": "4fd44f30292945e481c7b8a0c8908869",
"updated_at": "2016-03-08T20:19:41",
"vlan_transparent": false,
"description": ""
"description": "",
"port_security_enabled": true
}
]
}


@ -1,7 +1,12 @@
{
"port": {
"admin_state_up": true,
"allowed_address_pairs": [],
"allowed_address_pairs": [
{
"ip_address": "12.12.11.12",
"mac_address": "fa:14:2a:b3:cb:f0"
}
],
"binding:host_id": "4df8d9ff-6f6f-438f-90a1-ef660d4586ad",
"binding:profile": {
"local_link_information": [
@ -42,6 +47,7 @@
"f0ac4394-7e4a-4409-9701-ba8be283dbc3"
],
"status": "DOWN",
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa"
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
"port_security_enabled": true
}
}
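Review bot: The sample address pair added in the first hunk uses `12.12.11.12`, which is a publicly routable address; API samples should use a range reserved for documentation (RFC 5737), e.g. `"ip_address": "192.0.2.12",`. The same value is added to two later port samples on this page (the create request and the sample that follows it) and should change with it. The enclosing object continues outside the hunks shown.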


@ -35,6 +35,7 @@
"ce0179d6-8a94-4f7c-91c2-f3038e2acbd0"
],
"status": "DOWN",
"tenant_id": "522eda8d23124b25bf03fe44f1986b74"
"tenant_id": "522eda8d23124b25bf03fe44f1986b74",
"port_security_enabled": false
}
}


@ -4,6 +4,13 @@
"dns_domain": "my-domain.org.",
"dns_name": "myport",
"name": "private-port",
"network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7"
"network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
"port_security_enabled": true,
"allowed_address_pairs": [
{
"ip_address": "12.12.11.12",
"mac_address": "fa:14:2a:b3:cb:f0"
}
]
}
}


@ -1,7 +1,12 @@
{
"port": {
"admin_state_up": true,
"allowed_address_pairs": [],
"allowed_address_pairs": [
{
"ip_address": "12.12.11.12",
"mac_address": "fa:14:2a:b3:cb:f0"
}
],
"created_at": "2016-03-08T20:19:41",
"data_plane_status": null,
"description": "",


@ -35,6 +35,7 @@
"ce0179d6-8a94-4f7c-91c2-f3038e2acbd0"
],
"status": "DOWN",
"tenant_id": "522eda8d23124b25bf03fe44f1986b74"
"tenant_id": "522eda8d23124b25bf03fe44f1986b74",
"port_security_enabled": false
}
}


@ -25,7 +25,8 @@
"f0ac4394-7e4a-4409-9701-ba8be283dbc3"
],
"status": "DOWN",
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa"
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
"port_security_enabled": false
},
{
"admin_state_up": false,
@ -53,7 +54,8 @@
"f0ac4394-7e4a-4409-9701-ba8be283dbc3"
],
"status": "DOWN",
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa"
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
"port_security_enabled": false
}
]
}


@ -29,7 +29,8 @@
"revision_number": 1,
"security_groups": [],
"status": "ACTIVE",
"tenant_id": ""
"tenant_id": "",
"port_security_enabled": false
},
{
"admin_state_up": true,
@ -60,7 +61,8 @@
"revision_number": 1,
"security_groups": [],
"status": "ACTIVE",
"tenant_id": "d397de8a63f341818f198abb0966f6f3"
"tenant_id": "d397de8a63f341818f198abb0966f6f3",
"port_security_enabled": false
}
]
}