Comment 2 for bug 1845622

Hi Bence, sorry for late response.

We actually had been used "enable_security_group=True and firewall_driver=noop" which is what you said.

I don't know exact causes to use like that, but we had a very old comment about it ("There were many features to assume security_group is enabled in neutron, so we just turn it on and use noop). It's been a 3~4 years passed now so I want to change to just turn security group off because it's more explicit. (Our team has some misunderstanding about it.)

After some inspect, it seems to be nothing weird which I think occur in the past. But allowed_address_pair is only one that I found.

For the use cases, I think it's better to say our environments. We have additional processes the port to be routed which helps integrate underlay networks. (it's none of the neutron related). We have to know which IPs should be routed in our environments, and we've been used allowed_address_pairs for the use case. So, even if security group is disabled, we want to allowed_address_pair functionality itself.

Thanks for the tagging, I also think it's rfe rather than bug.

Thanks