2016-03-01 05:47:48 |
Sridhar Ramaswamy |
description |
Tacker currently automatically sets "port_security_enabled" flag to False for some ports,
- ports that are marked as "management"
- ports with static IP address assigned
For other simple port specifications the port_security_enabled flag is unspecified and hence defaults to True. Beyond the fact that this is inconsistent, which needs to be fixed, we need to expose an attribute for Tacker VNFD to explicitly model it in the TOSCA template.
Something like,
DataCP:
  type: tosca.nodes.nfv.CP
  properties:
    port_security: [True | False] |
Tacker currently automatically sets "port_security_enabled" flag to False for some ports,
- ports that are marked as "management"
- ports with static IP address assigned
For other simple port specifications the port_security_enabled flag is unspecified and hence defaults to True. Beyond the fact that this is inconsistent, which needs to be fixed, we need to expose an attribute for Tacker VNFD to explicitly model it in the TOSCA template.
Something like,
DataCP:
  type: tosca.nodes.nfv.CP
  properties:
    anti_spoof_protection: [true | false]
Note from Sripriya:
looks like port-security-enabled can be set at network level as well,
http://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Neutron::Net-hot
.. which changes the default value of all ports created in that neutron network. So a similar flag can be introduced in VirtualLink as well,
InternalVL:
  type: tosca.nodes.nfv.VL
  properties:
    cidr: 10.10.1.0/24
    gateway: 10.10.1.1
    anti_spoof_protection: [true | false] |
|
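The description above implies that a port's effective setting depends on an explicit CP attribute, on Tacker's implicit rules, and on the virtual link's default. The following is an added example, not Tacker code and not part of the original report: a small audit that lists the connection points left without anti-spoofing protection. The dict layout, the key names "management", "ip_address" and "virtual_link", and the precedence order (explicit CP value, then implicit rules, then VL default, then True) are assumptions; "anti_spoof_protection" is the attribute proposed above.

```python
# Added example: resolve the effective port security of each connection point.
CP_TYPE = "tosca.nodes.nfv.CP"
FLAG = "anti_spoof_protection"  # attribute name proposed in the report

# Constructed sample template (hypothetical layout, already parsed into dicts).
SAMPLE_NODES = {
    "InternalVL": {"type": "tosca.nodes.nfv.VL",
                   "properties": {"cidr": "10.10.1.0/24", FLAG: False}},
    "ExternalVL": {"type": "tosca.nodes.nfv.VL", "properties": {}},
    "MgmtCP": {"type": CP_TYPE, "virtual_link": "ExternalVL",
               "properties": {"management": True}},
    "StaticCP": {"type": CP_TYPE, "virtual_link": "ExternalVL",
                 "properties": {"ip_address": "10.10.2.12"}},
    "DataCP": {"type": CP_TYPE, "virtual_link": "ExternalVL", "properties": {}},
    "InternalCP": {"type": CP_TYPE, "virtual_link": "InternalVL", "properties": {}},
    "PinnedCP": {"type": CP_TYPE, "virtual_link": "InternalVL",
                 "properties": {FLAG: True}},
}


def effective_port_security(cp_name, nodes):
    """Return (enabled, reason) for one connection point."""
    cp = nodes[cp_name]
    props = cp.get("properties", {})
    if FLAG in props:  # assumed: an explicit CP value wins
        return bool(props[FLAG]), "explicit on CP"
    if props.get("management"):  # implicit rule described in the report
        return False, "implicit: management port"
    if props.get("ip_address"):  # implicit rule described in the report
        return False, "implicit: static IP address"
    vl_props = nodes.get(cp.get("virtual_link"), {}).get("properties", {})
    if FLAG in vl_props:  # network-level default for its ports
        return bool(vl_props[FLAG]), "inherited from virtual link"
    return True, "unspecified, defaults to True"


def unprotected_ports(nodes):
    """Map each CP whose port security is off to the reason it is off."""
    result = {}
    for name, node in nodes.items():
        if node.get("type") != CP_TYPE:
            continue
        enabled, reason = effective_port_security(name, nodes)
        if not enabled:
            result[name] = reason
    return result


if __name__ == "__main__":
    for port, why in unprotected_ports(SAMPLE_NODES).items():
        print(f"{port}: port security disabled ({why})")
```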