Created
August 10, 2016 03:33
-
-
Save reedho/b6751938fca8247cec197d43ed860db8 to your computer and use it in GitHub Desktop.
Regarding how to disable source-check ala AWS instance on openstack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Asked and answered here: | |
| https://ask.openstack.org/en/question/51392/neutron-openvswitch-port-how-to-disable-source-ip-address-checking/ | |
| In short, there are "allowed-address-pairs" that can alternatively used to solve such a problem. | |
| Some scenario like: | |
| - An instance has two ports in two different subnet, one belong in e.g. 10.1.1.123 (eth0) | |
| and the other one in 10.1.2.223 (eth1). | |
| - This instance will act as router between the two network without NAT involved. | |
| - To be able to pass packet came from 10.1.2.0/24 to net 10.1.1.0/24 we can set the port to use "allowed_address_pairs", e.g. | |
| neutron port-update --allowed-address-pairs ip_address=10.1.2.0/24 <port-id-of-eth0> | |
| Need to check and investigate this futher later on. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment