The patch relies on the fact that traffic not going from instance
(and thus port not managed by firewall) is tagged. Traffic coming from
the instance is not tagged and thus net register is used for marking
such traffic. These two approaches make matching rules unique even if
two ports from different networks share its' mac addressess.
Traffic coming from trusted ports is marked with network in registry
so firewall can decide later to which network traffic belongs.
Closes-bug: #1626010
Change-Id: Ia05d75a01b0469a0eaa82ada67b16a9481c50f1c
Unbound ports that are associated with a Floating IP and connected to
DVR Routers will not be serviced by the DVR Routers, unless we bind it
to a valid host.
This server side patch allows the neutron server to schedule the
unbound port Floating IP on the network node or the node with dvr_snat
agent where the SNAT functionality resides.
The DNAT rules for the unbound ports will be configured in the SNAT
namespace on the network node.
Related-Bug: #1583694
Change-Id: I05d0bfb3fa275b1e4e479928000cf8494da858f6
This change moves the strip_vlan action from RULES_INGRESS/82 to
TRANSIENT_TABLE after the point where the traffic from local VM ports
has been moved to BASE_EGRESS. A reason for this move is that strip_vlan
is only needed for traffic *not* coming from VM ports and coming on a
patch port from br-*, and that it is hence simpler do do the strip_vlan
in TRANSIENT_TABLE rather than in mutliple places that also happen to be
common with traffic from local VMs.
This change also addresses another need:
I16a35b5d6c54901899d24fc94bd3438c1f1be05e results in add_flow being
possibly done with an Openflow version higher than OF1.0. The
strip_action as currently done is not compatible with OF>1.0, because
later versions require matching on dl_vlan first (the "strip vlan if
there is one" behavior of OF1.0 is not supported anymore). For this
reason this change adds a match on dl_vlan for the strip_vlan rule.
Change-Id: I76ee34a614237bbc99989ce9c1b96a30456be282
This will help us debug why flows are unexpectedly being
cleaned up if the related bug ever resurfaces.
Related-Bug: #1697243
Change-Id: I517b16c550037f41a5f4915b98963c2232daa78c
Use the new constraint interface on the context rather than
setting an ugly attribute.
Depends-On: I6bc2539a1ddbf7990164abeb8bb951ddcb45c993
Related-Bug: #1493714
Change-Id: I9142ca96a40092b2a4c94920c4ded9bbc3a0b35b
Neutron repository has the networking guide in admin/,
so we cannot just import the admin guide contents into admin/
as it potentially breaks the existing document structure of
the networking guide. This commit imports the admin guide
into admin/archives directory so that the team can migrate them
into the networking guide after careful reviews.
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I1f99f225a6f58654911ed827f51d3d4de67f405d
Enable a callback to be bound for deletion of routers.
A use case for this is in the NSX plugins, here a load
balancer needs to be connected to an existing router.
If one tries to delete the router then we would like to
prevent that if a load balancer is attached.
Change-Id: Ie0c422578acaa94e8e34c15beca9f18691a3abc6
Extend existing quota api to report a quota set. The quota set
will contain a set of resources and its corresponding reservation,
limits and in_use count for each tenant.
DocImpact:Documentation describing the new API as well as the new
information that it exposes.
APIImpact
Co-Authored-By: Prince Boateng<prince.a.owusu.boateng@intel.com>
Change-Id: Ief2a6a4d2d7085e2a9dcd901123bc4fe6ac7ca22
Related-bug: #1599488
The following Read-only property has moved in Pike [1].
os_adm -> os_admin
os -> os_primary
[1] I9f7c13da05a8c4a63529c11aa6213a7269abee6d
Ie4cf457d0a521910a82e41e7dad775df75d56587
Change-Id: I512048211888c3db40f95a084164e3add47e3588
Adding mtu parameter to check_remote_connectivity function.
When given, send packets of that size.
If fragmentation flag is False, then don't fragment the packets.
Change-Id: I5f2742b6e8fd894fcfe4c0e2a7eb4a14d2594dd4
This change adds a dns_domain attribute to ports in the API.
This patchset belongs to a series that adds dns_domain attribute
functionality to ports.
Change-Id: Ied1f2f0c1e96ae21c309b6e6fed9e3c602b0450b
Partial-Bug: #1650678
Function 'tempest.test.attr()' has been moved to'tempest.lib.decorators.attr()'
in Pike and will be removed in a future version [1]. This patch is to replace
'tempest.test.attr()' with 'tempest.lib.decorators.attr()'.
[1] Iaafbb112b6eee458089cc49918359a8a8d0485e2
Depends-On: I50b823b049d0e391ac517f7ec72380a12fa81176
Change-Id: I1e511166a114a79504404c88579f6cb0c4caaebe
Before the doc-migration I proposed this patch:
Ica9c2beeee5f24cbdf0b947bb0371c41375c48c7
The following patch removed the ml2_conf_sriov.ini file:
Ida6c0930ce65169a9bc59ef80d6b427b2d5d4e09
In order to reduce confusion, lets remove the reference to it.
Change-Id: I22aacebc13c0c3c5eb361f79c293d3012f1ac149
