x
/
vmware-nsx
Code Issues Proposed changes

[NSX-V] Allow VIP-like address if allow_multiple_address_pairs=True 

When this flag is enabled, spoofguard restrictions do not apply,
therefore the same IP address can be used in allowed address pairs
for multiple ports on the same logical switch.

Change-Id: Idb5175451b2aa0bec631511c68c7b404e782d8d7
This commit is contained in:
Salvatore Orlando 2019-06-13 10:57:56 -07:00
parent 248744b7c5
commit efa5e53404
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
vmware_nsx/plugins/nsx_v/plugin.py
View File

@ -1997,12 +1997,12 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
raise n_exc.InvalidInput(error_message=msg)
def _validate_address_pairs(self, context, attrs, db_port):
self._validate_unique_address_pair_across_network(
context, db_port, attrs[addr_apidef.ADDRESS_PAIRS])
network_port_security = self._get_network_security_binding(
context, db_port['network_id'])
if (not cfg.CONF.nsxv.allow_multiple_ip_addresses and
if not (cfg.CONF.nsxv.allow_multiple_ip_addresses and
not network_port_security):
self._validate_unique_address_pair_across_network(
context, db_port, attrs[addr_apidef.ADDRESS_PAIRS])
for ap in attrs[addr_apidef.ADDRESS_PAIRS]:
# Check that the IP address is a subnet
if len(ap['ip_address'].split('/')) > 1: