For allowed address pairs to be functional on NSXv3 plugin, we
need to enforce both Spoof Guard and MAC Learning switching
profile. MAC Learning is used to learning the mac address and
spoof guard is used for switch security to ensure only added
allowed address pairs to be allowed on this port.
Moreover, during fix bug #1631540, we removed the parameter
"mac_change_allowed". After further discussion with NSX team,
it doesn't have negative effect to add it back. The value it can
bring is to support guest VM on ESX host to change MAC address (
the mac_address still needs to be in allowed address pairs) on the
interface.
Change-Id: I2c725df74835165587170f6136c06494d1bfcf7b
Closes-Bug: #1631539
(cherry picked from commit c12d8f88cb59b9048e642ee623fed0fdc310ab08)
Reviewed: https:/ /review. openstack. org/386953 /git.openstack. org/cgit/ openstack/ vmware- nsx/commit/ ?id=ad74f9be728 aa663b221d02761 07d54d4c1f2599
Committed: https:/
Submitter: Jenkins
Branch: stable/mitaka
commit ad74f9be728aa66 3b221d0276107d5 4d4c1f2599
Author: Tong Liu <email address hidden>
Date: Fri Oct 7 22:01:24 2016 +0000
NSXv3: Fix allowed address pairs switching profile
For allowed address pairs to be functional on NSXv3 plugin, we
need to enforce both Spoof Guard and MAC Learning switching
profile. MAC Learning is used to learning the mac address and
spoof guard is used for switch security to ensure only added
allowed address pairs to be allowed on this port.
Moreover, during fix bug #1631540, we removed the parameter change_ allowed" . After further discussion with NSX team,
"mac_
it doesn't have negative effect to add it back. The value it can
bring is to support guest VM on ESX host to change MAC address (
the mac_address still needs to be in allowed address pairs) on the
interface.
Change-Id: I2c725df7483516 5587170f6136c06 494d1bfcf7b 48e642ee623fed0 fdc310ab08)
Closes-Bug: #1631539
(cherry picked from commit c12d8f88cb59b90