Merge "complete api-ref for addr pairs and port security"
This commit is contained in:
commit
b718a497d5
api-ref/source/v2
@ -69,6 +69,19 @@ The ``dns_domain`` of a network in conjunction with the ``dns_name`` attribute
|
||||
of its ports will be published in an external DNS service when Neutron is
|
||||
configured to integrate with such a service.
|
||||
|
||||
Port security
|
||||
=============
|
||||
|
||||
The ``port-security`` extension adds the ``port_security_enabled`` boolean
|
||||
attribute to networks. At the network level, ``port_security_enabled``
|
||||
defines the default value for new ports attached to the network; they will
|
||||
inherit the value of their network's ``port_security_enabled`` unless
|
||||
explicitly set on the port itself. While the default value for
|
||||
``port_security_enabled`` is ``true``, this can be changed by updating the
|
||||
respective network. Note that changing a value of ``port_security_enabled``
|
||||
on a network, does not cascade the value to ports attached to the network.
|
||||
|
||||
|
||||
Show network details
|
||||
====================
|
||||
|
||||
|
@ -572,27 +572,25 @@ alias:
|
||||
type: string
|
||||
allowed_address_pairs:
|
||||
description: |
|
||||
A set of zero or more allowed address pairs.
|
||||
An address pair consists of an IP address range and MAC address
|
||||
with the format of
|
||||
``{"ip_address": "<IP address or CIDR>", "mac_address": "<MAC address>"}``.
|
||||
A server connected to the port can send a packet with source address
|
||||
which matches one of the specified allowed address pairs.
|
||||
A set of zero or more allowed address pair objects each where address pair
|
||||
object contains an ``ip_address`` and ``mac_address``. While the
|
||||
``ip_address`` is required, the ``mac_address`` will be taken from the
|
||||
port if not specified. The value of ``ip_address`` can be an IP Address
|
||||
or a CIDR (if supported by the underlying extension plugin).
|
||||
A server connected to the port can send a packet with source address which
|
||||
matches one of the specified allowed address pairs.
|
||||
in: body
|
||||
required: true
|
||||
type: array
|
||||
allowed_address_pairs-request:
|
||||
description: |
|
||||
A set of zero or more allowed address pairs.
|
||||
An address pair consists of an IP address range and MAC address
|
||||
with the format of
|
||||
``{"ip_address": "<IP address or CIDR>", "mac_address": "<MAC address>"}``.
|
||||
A server connected to the port can send a packet with source address
|
||||
which matches one of the specified allowed address pairs.
|
||||
The default is an empty list.
|
||||
For each address pair, ``ip_address`` is required and IP address or
|
||||
CIDR can be specified. ``mac_address`` is optional and if unspecified
|
||||
the MAC address of the port is used as default.
|
||||
A set of zero or more allowed address pair objects each where address pair
|
||||
object contains an ``ip_address`` and ``mac_address``. While the
|
||||
``ip_address`` is required, the ``mac_address`` will be taken from the
|
||||
port if not specified. The value of ``ip_address`` can be an IP Address
|
||||
or a CIDR (if supported by the underlying extension plugin).
|
||||
A server connected to the port can send a packet with source address which
|
||||
matches one of the specified allowed address pairs.
|
||||
in: body
|
||||
required: false
|
||||
type: array
|
||||
|
@ -15,8 +15,6 @@ The extension defines several attributes whose names have a prefix
|
||||
``binding:`` including ``binding:host_id``, ``binding:vnic_type``,
|
||||
``binding:vif_type``, ``binding:vif_details``, and ``binding:profile``.
|
||||
|
||||
|
|
||||
|
||||
Data plane status extension
|
||||
===========================
|
||||
|
||||
@ -46,6 +44,25 @@ extension must be used in conjunction with the ``dns-integration`` extension.
|
||||
When enabled and set, a port level ``dns_domain`` take precedence over a
|
||||
``dns_domain`` specified in the port's network allowing per-port DNS domains.
|
||||
|
||||
Port security
|
||||
=============
|
||||
|
||||
The ``port-security`` extension adds the ``port_security_enabled`` boolean
|
||||
attribute to ports. If a ``port-security`` value is not specified during
|
||||
port creation, a port will inherit the ``port_security_enabled`` from the
|
||||
network its connected to.
|
||||
|
||||
Allowed address pairs
|
||||
=====================
|
||||
|
||||
The ``allowed-address-pairs`` extension adds an ``allowed_address_pairs``
|
||||
attribute to ports. The value of ``allowed_address_pairs`` is an array of
|
||||
allowed address pair objects, each having an ``ip_address`` and a
|
||||
``mac_address``. The set of allowed address pairs defines IP and MAC address
|
||||
that the port can use when sending packets if ``port_security_enabled`` is
|
||||
``true`` (see the ``port-security`` extension). Note that while the
|
||||
``ip_address`` is required in each allowed address pair, the ``mac_address``
|
||||
is optional and will be taken from the port if not specified.
|
||||
|
||||
Show port details
|
||||
=================
|
||||
|
@ -6,6 +6,7 @@
|
||||
"admin_state_up": true,
|
||||
"dns_domain": "",
|
||||
"mtu": 1500,
|
||||
"port_security_enabled": true,
|
||||
"project_id": "9bacb3c5d39d41a79512987f338cf177",
|
||||
"tenant_id": "9bacb3c5d39d41a79512987f338cf177",
|
||||
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
|
||||
|
@ -17,6 +17,7 @@
|
||||
"shared": false,
|
||||
"id": "4e8e5957-649f-477b-9e5b-f1f75b21c03c",
|
||||
"provider:segmentation_id": 2,
|
||||
"description": ""
|
||||
"description": "",
|
||||
"port_security_enabled": true
|
||||
}
|
||||
}
|
||||
|
@ -21,7 +21,8 @@
|
||||
"tenant_id": "4fd44f30292945e481c7b8a0c8908869",
|
||||
"updated_at": "2016-03-08T20:19:41",
|
||||
"vlan_transparent": false,
|
||||
"description": ""
|
||||
"description": "",
|
||||
"port_security_enabled": true
|
||||
},
|
||||
{
|
||||
"admin_state_up": true,
|
||||
@ -44,7 +45,8 @@
|
||||
"tenant_id": "4fd44f30292945e481c7b8a0c8908869",
|
||||
"updated_at": "2016-03-08T20:19:41",
|
||||
"vlan_transparent": false,
|
||||
"description": ""
|
||||
"description": "",
|
||||
"port_security_enabled": true
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,7 +1,12 @@
|
||||
{
|
||||
"port": {
|
||||
"admin_state_up": true,
|
||||
"allowed_address_pairs": [],
|
||||
"allowed_address_pairs": [
|
||||
{
|
||||
"ip_address": "12.12.11.12",
|
||||
"mac_address": "fa:14:2a:b3:cb:f0"
|
||||
}
|
||||
],
|
||||
"binding:host_id": "4df8d9ff-6f6f-438f-90a1-ef660d4586ad",
|
||||
"binding:profile": {
|
||||
"local_link_information": [
|
||||
@ -42,6 +47,7 @@
|
||||
"f0ac4394-7e4a-4409-9701-ba8be283dbc3"
|
||||
],
|
||||
"status": "DOWN",
|
||||
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa"
|
||||
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
|
||||
"port_security_enabled": true
|
||||
}
|
||||
}
|
||||
|
@ -35,6 +35,7 @@
|
||||
"ce0179d6-8a94-4f7c-91c2-f3038e2acbd0"
|
||||
],
|
||||
"status": "DOWN",
|
||||
"tenant_id": "522eda8d23124b25bf03fe44f1986b74"
|
||||
"tenant_id": "522eda8d23124b25bf03fe44f1986b74",
|
||||
"port_security_enabled": false
|
||||
}
|
||||
}
|
||||
|
@ -4,6 +4,13 @@
|
||||
"dns_domain": "my-domain.org.",
|
||||
"dns_name": "myport",
|
||||
"name": "private-port",
|
||||
"network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7"
|
||||
"network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
|
||||
"port_security_enabled": true,
|
||||
"allowed_address_pairs": [
|
||||
{
|
||||
"ip_address": "12.12.11.12",
|
||||
"mac_address": "fa:14:2a:b3:cb:f0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
@ -1,7 +1,12 @@
|
||||
{
|
||||
"port": {
|
||||
"admin_state_up": true,
|
||||
"allowed_address_pairs": [],
|
||||
"allowed_address_pairs": [
|
||||
{
|
||||
"ip_address": "12.12.11.12",
|
||||
"mac_address": "fa:14:2a:b3:cb:f0"
|
||||
}
|
||||
],
|
||||
"created_at": "2016-03-08T20:19:41",
|
||||
"data_plane_status": null,
|
||||
"description": "",
|
||||
|
@ -35,6 +35,7 @@
|
||||
"ce0179d6-8a94-4f7c-91c2-f3038e2acbd0"
|
||||
],
|
||||
"status": "DOWN",
|
||||
"tenant_id": "522eda8d23124b25bf03fe44f1986b74"
|
||||
"tenant_id": "522eda8d23124b25bf03fe44f1986b74",
|
||||
"port_security_enabled": false
|
||||
}
|
||||
}
|
||||
|
@ -25,7 +25,8 @@
|
||||
"f0ac4394-7e4a-4409-9701-ba8be283dbc3"
|
||||
],
|
||||
"status": "DOWN",
|
||||
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa"
|
||||
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
|
||||
"port_security_enabled": false
|
||||
},
|
||||
{
|
||||
"admin_state_up": false,
|
||||
@ -53,7 +54,8 @@
|
||||
"f0ac4394-7e4a-4409-9701-ba8be283dbc3"
|
||||
],
|
||||
"status": "DOWN",
|
||||
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa"
|
||||
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
|
||||
"port_security_enabled": false
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -29,7 +29,8 @@
|
||||
"revision_number": 1,
|
||||
"security_groups": [],
|
||||
"status": "ACTIVE",
|
||||
"tenant_id": ""
|
||||
"tenant_id": "",
|
||||
"port_security_enabled": false
|
||||
},
|
||||
{
|
||||
"admin_state_up": true,
|
||||
@ -60,7 +61,8 @@
|
||||
"revision_number": 1,
|
||||
"security_groups": [],
|
||||
"status": "ACTIVE",
|
||||
"tenant_id": "d397de8a63f341818f198abb0966f6f3"
|
||||
"tenant_id": "d397de8a63f341818f198abb0966f6f3",
|
||||
"port_security_enabled": false
|
||||
}
|
||||
]
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user