728x90
port security enable 시 ovs에 rule로 설정됨
*참고: https://docs.openstack.org/neutron/latest/contributor/internals/openvswitch_firewall.html
Following rules implement ARP spoofing protection
[port security enable rule]
(overcloudrc) $ openstack port set --enable-port-security c118606c-499e-4149-82c1-deb4cde0338e
[compute node]# ovs-ofctl dump-flows br-int -OOpenflow13 | grep arp_spa
cookie=0x6bb0881e9c62ee1, duration=17101.788s, table=24, n_packets=50, n_bytes=2100, priority=2,arp,in_port=8,
arp_spa=100.100.105.13 actions=goto_table:25
[port security disable rule]
(overcloudrc) $ openstack port set --no-security-group --disable-port-security c118606c-499e-4149-82c1-deb4cde0338e
[compute node]# ovs-ofctl dump-flows br-int -OOpenflow13| grep arp_spa
없음
반응형
'Openstack' 카테고리의 다른 글
| [RHOSP] baremetal node import 불가시 트러블슈팅 (0) | 2021.09.08 |
|---|---|
| 매번 헷갈리는 오픈스택 tip (0) | 2021.08.31 |
| cloud image root password 설정 (0) | 2021.07.16 |
| numa 양쪽에 리소스 분배하는 flavor 설정 (0) | 2021.07.06 |
| hpe3par cinder thick volume create (0) | 2021.07.06 |
