Public bug reported: I have created a network with port security set to enabled. I have set --no-security-group and --port_security_enabled=False on the port however the iptables on the hypervisor is not consistently set.
I have 2 VM on this hypervisors: VM1: tap0cc26c65-d1 VM2: tap672dbe42-10 Dump of iptables save: -A INPUT -j neutron-openvswi-INPUT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j neutron-filter-top -A FORWARD -j neutron-openvswi-FORWARD -A FORWARD -j REJECT --reject-with icmp-host-prohibited -A OUTPUT -j neutron-filter-top -A OUTPUT -j neutron-openvswi-OUTPUT -A OUTPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT -A neutron-filter-top -j neutron-openvswi-local -A neutron-openvswi-FORWARD -m physdev --physdev-out tap85e24fb1-61 --physdev-is-bridged -m comment --comment "Direct traffic from the VM interface to the security group chain." -j neutron-openvswi-sg-chain -A neutron-openvswi-FORWARD -m physdev --physdev-in tap85e24fb1-61 --physdev-is-bridged -m comment --comment "Direct traffic from the VM interface to the security group chain." -j neutron-openvswi-sg-chain -A neutron-openvswi-FORWARD -m physdev --physdev-out tap1fe43774-ef --physdev-is-bridged -m comment --comment "Direct traffic from the VM interface to the security group chain." -j neutron-openvswi-sg-chain -A neutron-openvswi-FORWARD -m physdev --physdev-in tap1fe43774-ef --physdev-is-bridged -m comment --comment "Direct traffic from the VM interface to the security group chain." -j neutron-openvswi-sg-chain -A neutron-openvswi-FORWARD -m physdev --physdev-out tap0cc26c65-d1 --physdev-is-bridged -m comment --comment "Accept all packets when port security is disabled." -j ACCEPT -A neutron-openvswi-FORWARD -m physdev --physdev-in tap0cc26c65-d1 --physdev-is-bridged -m comment --comment "Accept all packets when port security is disabled." -j ACCEPT -A neutron-openvswi-INPUT -m physdev --physdev-in tap85e24fb1-61 --physdev-is-bridged -m comment --comment "Direct incoming traffic from VM to the security group chain." -j neutron-openvswi-o85e24fb1-6 -A neutron-openvswi-INPUT -m physdev --physdev-in tap1fe43774-ef --physdev-is-bridged -m comment --comment "Direct incoming traffic from VM to the security group chain." -j neutron-openvswi-o1fe43774-e -A neutron-openvswi-INPUT -m physdev --physdev-in tap0cc26c65-d1 --physdev-is-bridged -m comment --comment "Accept all packets when port security is disabled." -j ACCEPT -A neutron-openvswi-i1fe43774-e -m state --state RELATED,ESTABLISHED -m comment --comment "Direct packets associated with a known session to the RETURN chain." -j RETURN -A neutron-openvswi-i1fe43774-e -s 10.1.51.1/32 -p udp -m udp --sport 67 -m udp --dport 68 -j RETURN -A neutron-openvswi-i1fe43774-e -p tcp -m tcp -m multiport --dports 1:65535 -j RETURN -A neutron-openvswi-i1fe43774-e -p udp -m udp -m multiport --dports 1:65535 -j RETURN -A neutron-openvswi-i1fe43774-e -m set --match-set NIPv4a5bf8991-231c-43db-9dd0- src -j RETURN -A neutron-openvswi-i1fe43774-e -p icmp -j RETURN -A neutron-openvswi-i1fe43774-e -m state --state INVALID -m comment --comment "Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack." -j DROP -A neutron-openvswi-i1fe43774-e -m comment --comment "Send unmatched traffic to the fallback chain." -j neutron-openvswi-sg-fallback -A neutron-openvswi-i85e24fb1-6 -m state --state RELATED,ESTABLISHED -m comment --comment "Direct packets associated with a known session to the RETURN chain." -j RETURN -A neutron-openvswi-i85e24fb1-6 -s 10.1.51.1/32 -p udp -m udp --sport 67 -m udp --dport 68 -j RETURN -A neutron-openvswi-i85e24fb1-6 -p tcp -m tcp -m multiport --dports 1:65535 -j RETURN -A neutron-openvswi-i85e24fb1-6 -p udp -m udp -m multiport --dports 1:65535 -j RETURN -A neutron-openvswi-i85e24fb1-6 -m set --match-set NIPv4a5bf8991-231c-43db-9dd0- src -j RETURN -A neutron-openvswi-i85e24fb1-6 -p icmp -j RETURN -A neutron-openvswi-i85e24fb1-6 -m state --state INVALID -m comment --comment "Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack." -j DROP -A neutron-openvswi-i85e24fb1-6 -m comment --comment "Send unmatched traffic to the fallback chain." -j neutron-openvswi-sg-fallback -A neutron-openvswi-o1fe43774-e -p udp -m udp --sport 68 -m udp --dport 67 -m comment --comment "Allow DHCP client traffic." -j RETURN -A neutron-openvswi-o1fe43774-e -j neutron-openvswi-s1fe43774-e -A neutron-openvswi-o1fe43774-e -p udp -m udp --sport 67 -m udp --dport 68 -m comment --comment "Prevent DHCP Spoofing by VM." -j DROP -A neutron-openvswi-o1fe43774-e -m state --state RELATED,ESTABLISHED -m comment --comment "Direct packets associated with a known session to the RETURN chain." -j RETURN -A neutron-openvswi-o1fe43774-e -j RETURN -A neutron-openvswi-o1fe43774-e -m state --state INVALID -m comment --comment "Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack." -j DROP -A neutron-openvswi-o1fe43774-e -m comment --comment "Send unmatched traffic to the fallback chain." -j neutron-openvswi-sg-fallback -A neutron-openvswi-o85e24fb1-6 -p udp -m udp --sport 68 -m udp --dport 67 -m comment --comment "Allow DHCP client traffic." -j RETURN -A neutron-openvswi-o85e24fb1-6 -j neutron-openvswi-s85e24fb1-6 -A neutron-openvswi-o85e24fb1-6 -p udp -m udp --sport 67 -m udp --dport 68 -m comment --comment "Prevent DHCP Spoofing by VM." -j DROP -A neutron-openvswi-o85e24fb1-6 -m state --state RELATED,ESTABLISHED -m comment --comment "Direct packets associated with a known session to the RETURN chain." -j RETURN -A neutron-openvswi-o85e24fb1-6 -j RETURN -A neutron-openvswi-o85e24fb1-6 -m state --state INVALID -m comment --comment "Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack." -j DROP -A neutron-openvswi-o85e24fb1-6 -m comment --comment "Send unmatched traffic to the fallback chain." -j neutron-openvswi-sg-fallback -A neutron-openvswi-s1fe43774-e -s 10.1.50.200/32 -m mac --mac-source FA:16:3E:05:6F:A4 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN -A neutron-openvswi-s1fe43774-e -m comment --comment "Drop traffic without an IP/MAC allow rule." -j DROP -A neutron-openvswi-s85e24fb1-6 -s 10.1.50.201/32 -m mac --mac-source FA:16:3E:73:89:67 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN -A neutron-openvswi-s85e24fb1-6 -m comment --comment "Drop traffic without an IP/MAC allow rule." -j DROP -A neutron-openvswi-sg-chain -m physdev --physdev-out tap85e24fb1-61 --physdev-is-bridged -m comment --comment "Jump to the VM specific chain." -j neutron-openvswi-i85e24fb1-6 -A neutron-openvswi-sg-chain -m physdev --physdev-in tap85e24fb1-61 --physdev-is-bridged -m comment --comment "Jump to the VM specific chain." -j neutron-openvswi-o85e24fb1-6 -A neutron-openvswi-sg-chain -m physdev --physdev-out tap1fe43774-ef --physdev-is-bridged -m comment --comment "Jump to the VM specific chain." -j neutron-openvswi-i1fe43774-e -A neutron-openvswi-sg-chain -m physdev --physdev-in tap1fe43774-ef --physdev-is-bridged -m comment --comment "Jump to the VM specific chain." -j neutron-openvswi-o1fe43774-e -A neutron-openvswi-sg-chain -j ACCEPT -A neutron-openvswi-sg-fallback -m comment --comment "Default drop rule for unmatched traffic." -j DROP COMMIT VM1 passes traffic just fine, VM2 does not because no rule is added. I manually added these rules and traffic passes just fine: iptables -A neutron-openvswi-INPUT -m physdev --physdev-in tap672dbe42-10 --physdev-is-bridged -m comment --comment "Accept all packets when port security is disabled." -j ACCEPT iptables -A neutron-openvswi-FORWARD -m physdev --physdev-out tap672dbe42-10 --physdev-is-bridged -m comment --comment "Accept all packets when port security is disabled." -j ACCEPT iptables -A neutron-openvswi-FORWARD -m physdev --physdev-in tap672dbe42-10 --physdev-is-bridged -m comment --comment "Accept all packets when port security is disabled." -j ACCEPT Here are the port-show for each: r...@os-controller-1001.prd.cin1 > neutron port-show 672dbe42-10bb-4196-80ad-70a81488ad51 +-----------------------+--------------------------------------------------------------------------------------------------------------+ | Field | Value | +-----------------------+--------------------------------------------------------------------------------------------------------------+ | admin_state_up | True | | allowed_address_pairs | | | binding:host_id | osc-1031.prd.cin1 | | binding:profile | {} | | binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} | | binding:vif_type | ovs | | binding:vnic_type | normal | | device_id | f4037cdd-e1ab-4e84-88e0-ef94f1b95b39 | | device_owner | compute:None | | dns_assignment | {"hostname": "host-8XXXXXX", "ip_address": "8.XXXXXX, "fqdn": "host-8-XXXXX.openstacklocal."} | | dns_name | | | extra_dhcp_opts | | | fixed_ips | {"subnet_id": "b3409c40-d6e2-461a-8722-8e5e52624d52", "ip_address": "8.XXXXX"} | | id | 672dbe42-10bb-4196-80ad-70a81488ad51 | | mac_address | fa:16:3e:4a:18:df | | name | | | network_id | 0270175b-6c53-40ca-bb9e-22e2635cdaeb | | port_security_enabled | False | | security_groups | | | status | ACTIVE | | tenant_id | 42858ac565df4bf8aec64f871fe7e955 | +-----------------------+--------------------------------------------------------------------------------------------------------------+ r...@os-controller-1001.prd.cin1 > neutron port-show 0cc26c65-d1d7-45b1-a974-43fafc28a1ec +-----------------------+--------------------------------------------------------------------------------------------------------------+ | Field | Value | +-----------------------+--------------------------------------------------------------------------------------------------------------+ | admin_state_up | True | | allowed_address_pairs | | | binding:host_id | osc-1031.prd.cin1 | | binding:profile | {} | | binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} | | binding:vif_type | ovs | | binding:vnic_type | normal | | device_id | 1bf1e985-d317-4a7c-81c5-4dc32c889274 | | device_owner | compute:zone1 | | dns_assignment | {"hostname": "host-8-XXXXXXX2", "ip_address": "8.XXXXXX", "fqdn": "host-8XXXXXX.openstacklocal."} | | dns_name | | | extra_dhcp_opts | | | fixed_ips | {"subnet_id": "b3409c40-d6e2-461a-8722-8e5e52624d52", "ip_address": "8.XXXXXXX"} | | id | 0cc26c65-d1d7-45b1-a974-43fafc28a1ec | | mac_address | fa:16:3e:4a:ab:45 | | name | | | network_id | 0270175b-6c53-40ca-bb9e-22e2635cdaeb | | port_security_enabled | False | | security_groups | | | status | ACTIVE | | tenant_id | 42858ac565df4bf8aec64f871fe7e955 | +-----------------------+--------------------------------------------------------------------------------------------------------------+ ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1549443 Title: Port Security does not consistently update nova iptables Status in neutron: New Bug description: I have created a network with port security set to enabled. I have set --no-security-group and --port_security_enabled=False on the port however the iptables on the hypervisor is not consistently set. I have 2 VM on this hypervisors: VM1: tap0cc26c65-d1 VM2: tap672dbe42-10 Dump of iptables save: -A INPUT -j neutron-openvswi-INPUT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j neutron-filter-top -A FORWARD -j neutron-openvswi-FORWARD -A FORWARD -j REJECT --reject-with icmp-host-prohibited -A OUTPUT -j neutron-filter-top -A OUTPUT -j neutron-openvswi-OUTPUT -A OUTPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT -A neutron-filter-top -j neutron-openvswi-local -A neutron-openvswi-FORWARD -m physdev --physdev-out tap85e24fb1-61 --physdev-is-bridged -m comment --comment "Direct traffic from the VM interface to the security group chain." -j neutron-openvswi-sg-chain -A neutron-openvswi-FORWARD -m physdev --physdev-in tap85e24fb1-61 --physdev-is-bridged -m comment --comment "Direct traffic from the VM interface to the security group chain." -j neutron-openvswi-sg-chain -A neutron-openvswi-FORWARD -m physdev --physdev-out tap1fe43774-ef --physdev-is-bridged -m comment --comment "Direct traffic from the VM interface to the security group chain." -j neutron-openvswi-sg-chain -A neutron-openvswi-FORWARD -m physdev --physdev-in tap1fe43774-ef --physdev-is-bridged -m comment --comment "Direct traffic from the VM interface to the security group chain." -j neutron-openvswi-sg-chain -A neutron-openvswi-FORWARD -m physdev --physdev-out tap0cc26c65-d1 --physdev-is-bridged -m comment --comment "Accept all packets when port security is disabled." -j ACCEPT -A neutron-openvswi-FORWARD -m physdev --physdev-in tap0cc26c65-d1 --physdev-is-bridged -m comment --comment "Accept all packets when port security is disabled." -j ACCEPT -A neutron-openvswi-INPUT -m physdev --physdev-in tap85e24fb1-61 --physdev-is-bridged -m comment --comment "Direct incoming traffic from VM to the security group chain." -j neutron-openvswi-o85e24fb1-6 -A neutron-openvswi-INPUT -m physdev --physdev-in tap1fe43774-ef --physdev-is-bridged -m comment --comment "Direct incoming traffic from VM to the security group chain." -j neutron-openvswi-o1fe43774-e -A neutron-openvswi-INPUT -m physdev --physdev-in tap0cc26c65-d1 --physdev-is-bridged -m comment --comment "Accept all packets when port security is disabled." -j ACCEPT -A neutron-openvswi-i1fe43774-e -m state --state RELATED,ESTABLISHED -m comment --comment "Direct packets associated with a known session to the RETURN chain." -j RETURN -A neutron-openvswi-i1fe43774-e -s 10.1.51.1/32 -p udp -m udp --sport 67 -m udp --dport 68 -j RETURN -A neutron-openvswi-i1fe43774-e -p tcp -m tcp -m multiport --dports 1:65535 -j RETURN -A neutron-openvswi-i1fe43774-e -p udp -m udp -m multiport --dports 1:65535 -j RETURN -A neutron-openvswi-i1fe43774-e -m set --match-set NIPv4a5bf8991-231c-43db-9dd0- src -j RETURN -A neutron-openvswi-i1fe43774-e -p icmp -j RETURN -A neutron-openvswi-i1fe43774-e -m state --state INVALID -m comment --comment "Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack." -j DROP -A neutron-openvswi-i1fe43774-e -m comment --comment "Send unmatched traffic to the fallback chain." -j neutron-openvswi-sg-fallback -A neutron-openvswi-i85e24fb1-6 -m state --state RELATED,ESTABLISHED -m comment --comment "Direct packets associated with a known session to the RETURN chain." -j RETURN -A neutron-openvswi-i85e24fb1-6 -s 10.1.51.1/32 -p udp -m udp --sport 67 -m udp --dport 68 -j RETURN -A neutron-openvswi-i85e24fb1-6 -p tcp -m tcp -m multiport --dports 1:65535 -j RETURN -A neutron-openvswi-i85e24fb1-6 -p udp -m udp -m multiport --dports 1:65535 -j RETURN -A neutron-openvswi-i85e24fb1-6 -m set --match-set NIPv4a5bf8991-231c-43db-9dd0- src -j RETURN -A neutron-openvswi-i85e24fb1-6 -p icmp -j RETURN -A neutron-openvswi-i85e24fb1-6 -m state --state INVALID -m comment --comment "Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack." -j DROP -A neutron-openvswi-i85e24fb1-6 -m comment --comment "Send unmatched traffic to the fallback chain." -j neutron-openvswi-sg-fallback -A neutron-openvswi-o1fe43774-e -p udp -m udp --sport 68 -m udp --dport 67 -m comment --comment "Allow DHCP client traffic." -j RETURN -A neutron-openvswi-o1fe43774-e -j neutron-openvswi-s1fe43774-e -A neutron-openvswi-o1fe43774-e -p udp -m udp --sport 67 -m udp --dport 68 -m comment --comment "Prevent DHCP Spoofing by VM." -j DROP -A neutron-openvswi-o1fe43774-e -m state --state RELATED,ESTABLISHED -m comment --comment "Direct packets associated with a known session to the RETURN chain." -j RETURN -A neutron-openvswi-o1fe43774-e -j RETURN -A neutron-openvswi-o1fe43774-e -m state --state INVALID -m comment --comment "Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack." -j DROP -A neutron-openvswi-o1fe43774-e -m comment --comment "Send unmatched traffic to the fallback chain." -j neutron-openvswi-sg-fallback -A neutron-openvswi-o85e24fb1-6 -p udp -m udp --sport 68 -m udp --dport 67 -m comment --comment "Allow DHCP client traffic." -j RETURN -A neutron-openvswi-o85e24fb1-6 -j neutron-openvswi-s85e24fb1-6 -A neutron-openvswi-o85e24fb1-6 -p udp -m udp --sport 67 -m udp --dport 68 -m comment --comment "Prevent DHCP Spoofing by VM." -j DROP -A neutron-openvswi-o85e24fb1-6 -m state --state RELATED,ESTABLISHED -m comment --comment "Direct packets associated with a known session to the RETURN chain." -j RETURN -A neutron-openvswi-o85e24fb1-6 -j RETURN -A neutron-openvswi-o85e24fb1-6 -m state --state INVALID -m comment --comment "Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack." -j DROP -A neutron-openvswi-o85e24fb1-6 -m comment --comment "Send unmatched traffic to the fallback chain." -j neutron-openvswi-sg-fallback -A neutron-openvswi-s1fe43774-e -s 10.1.50.200/32 -m mac --mac-source FA:16:3E:05:6F:A4 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN -A neutron-openvswi-s1fe43774-e -m comment --comment "Drop traffic without an IP/MAC allow rule." -j DROP -A neutron-openvswi-s85e24fb1-6 -s 10.1.50.201/32 -m mac --mac-source FA:16:3E:73:89:67 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN -A neutron-openvswi-s85e24fb1-6 -m comment --comment "Drop traffic without an IP/MAC allow rule." -j DROP -A neutron-openvswi-sg-chain -m physdev --physdev-out tap85e24fb1-61 --physdev-is-bridged -m comment --comment "Jump to the VM specific chain." -j neutron-openvswi-i85e24fb1-6 -A neutron-openvswi-sg-chain -m physdev --physdev-in tap85e24fb1-61 --physdev-is-bridged -m comment --comment "Jump to the VM specific chain." -j neutron-openvswi-o85e24fb1-6 -A neutron-openvswi-sg-chain -m physdev --physdev-out tap1fe43774-ef --physdev-is-bridged -m comment --comment "Jump to the VM specific chain." -j neutron-openvswi-i1fe43774-e -A neutron-openvswi-sg-chain -m physdev --physdev-in tap1fe43774-ef --physdev-is-bridged -m comment --comment "Jump to the VM specific chain." -j neutron-openvswi-o1fe43774-e -A neutron-openvswi-sg-chain -j ACCEPT -A neutron-openvswi-sg-fallback -m comment --comment "Default drop rule for unmatched traffic." -j DROP COMMIT VM1 passes traffic just fine, VM2 does not because no rule is added. I manually added these rules and traffic passes just fine: iptables -A neutron-openvswi-INPUT -m physdev --physdev-in tap672dbe42-10 --physdev-is-bridged -m comment --comment "Accept all packets when port security is disabled." -j ACCEPT iptables -A neutron-openvswi-FORWARD -m physdev --physdev-out tap672dbe42-10 --physdev-is-bridged -m comment --comment "Accept all packets when port security is disabled." -j ACCEPT iptables -A neutron-openvswi-FORWARD -m physdev --physdev-in tap672dbe42-10 --physdev-is-bridged -m comment --comment "Accept all packets when port security is disabled." -j ACCEPT Here are the port-show for each: r...@os-controller-1001.prd.cin1 > neutron port-show 672dbe42-10bb-4196-80ad-70a81488ad51 +-----------------------+--------------------------------------------------------------------------------------------------------------+ | Field | Value | +-----------------------+--------------------------------------------------------------------------------------------------------------+ | admin_state_up | True | | allowed_address_pairs | | | binding:host_id | osc-1031.prd.cin1 | | binding:profile | {} | | binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} | | binding:vif_type | ovs | | binding:vnic_type | normal | | device_id | f4037cdd-e1ab-4e84-88e0-ef94f1b95b39 | | device_owner | compute:None | | dns_assignment | {"hostname": "host-8XXXXXX", "ip_address": "8.XXXXXX, "fqdn": "host-8-XXXXX.openstacklocal."} | | dns_name | | | extra_dhcp_opts | | | fixed_ips | {"subnet_id": "b3409c40-d6e2-461a-8722-8e5e52624d52", "ip_address": "8.XXXXX"} | | id | 672dbe42-10bb-4196-80ad-70a81488ad51 | | mac_address | fa:16:3e:4a:18:df | | name | | | network_id | 0270175b-6c53-40ca-bb9e-22e2635cdaeb | | port_security_enabled | False | | security_groups | | | status | ACTIVE | | tenant_id | 42858ac565df4bf8aec64f871fe7e955 | +-----------------------+--------------------------------------------------------------------------------------------------------------+ r...@os-controller-1001.prd.cin1 > neutron port-show 0cc26c65-d1d7-45b1-a974-43fafc28a1ec +-----------------------+--------------------------------------------------------------------------------------------------------------+ | Field | Value | +-----------------------+--------------------------------------------------------------------------------------------------------------+ | admin_state_up | True | | allowed_address_pairs | | | binding:host_id | osc-1031.prd.cin1 | | binding:profile | {} | | binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} | | binding:vif_type | ovs | | binding:vnic_type | normal | | device_id | 1bf1e985-d317-4a7c-81c5-4dc32c889274 | | device_owner | compute:zone1 | | dns_assignment | {"hostname": "host-8-XXXXXXX2", "ip_address": "8.XXXXXX", "fqdn": "host-8XXXXXX.openstacklocal."} | | dns_name | | | extra_dhcp_opts | | | fixed_ips | {"subnet_id": "b3409c40-d6e2-461a-8722-8e5e52624d52", "ip_address": "8.XXXXXXX"} | | id | 0cc26c65-d1d7-45b1-a974-43fafc28a1ec | | mac_address | fa:16:3e:4a:ab:45 | | name | | | network_id | 0270175b-6c53-40ca-bb9e-22e2635cdaeb | | port_security_enabled | False | | security_groups | | | status | ACTIVE | | tenant_id | 42858ac565df4bf8aec64f871fe7e955 | +-----------------------+--------------------------------------------------------------------------------------------------------------+ To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1549443/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp