Comment 6 for bug 1793029

I just wanted to clarify a few things.

1. You are using the iptables hybrid firewall driver, i.e. in ml2_conf.ini:

firewall_driver = iptables_hybrid

Not sure if the same issue exists using 'openvswitch' as the firewall_driver.

2. We should identify the correct way to get what you want, for example:

$ openstack port set --disable-port-security <port_id>

3. I think in this case the ipset wound up being shared amongst the ports from this tenant on the compute node, right? Other compute nodes with ports in this subnet are probably not affected? I haven't tried to reproduce this locally yet so just assuming.

4. Possible workaround is to disable the use of ipset by changing this in ml2_conf.ini:

enable_ipset = false

performance will be impacted though.