X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=Release9%2Fstrategy_allow_address_pairs.md;fp=Release9%2Fstrategy_allow_address_pairs.md;h=448ec09d83942cd0943db3f62bf895036f674105;hb=14c908acb7043a67f902cb38ba2e1a1c18169ea7;hp=0000000000000000000000000000000000000000;hpb=d70166690bcdd7adaa2e31271be50a228cfb6645;p=osm%2FFeatures.git

diff --git a/Release9/strategy_allow_address_pairs.md b/Release9/strategy_allow_address_pairs.md
new file mode 100644
index 0000000..448ec09
--- /dev/null
+++ b/Release9/strategy_allow_address_pairs.md
@@ -0,0 +1,37 @@
+# Simple strategy to allow address pairs for virtual IP
+ 
+## Proposers
+
+- Gianpietro Lavado (Whitestack)
+- Gerardo García de Blas (Telefonica)
+
+## Type
+
+Feature
+
+## Target MDG/TF
+
+IM, RO
+
+## Description
+
+Openstack VIMs allow to ways to access virtual IPs inside VMs:
+1. Per-IP/MAC or prefix, with allow-address-pairs.
+2. Full access, by disabling port-security
+
+Today, OSM only supports the second one, which is not supported in some VIMs.
+As a different strategy to allow full access in these VIMs that do not support disabling port
+security, the proposal is to leverage allowed-address-pairs with a command like this one:
+
+openstack port set --allowed-address ip-address=0.0.0.0/0  PORT_ID
+
+This would not allow full access to the port, but would cover most cases where VIPs need
+to be reached.
+
+At the VNFD level, a new entry would need to be added, to support this different strategy of
+disabling port security.
+
+## Demo or definition of done
+
+- The VNFD supports a method of disabling port-security, through the use of allowed-address-pairs.
+- The ports are implemented with an allowed-address-pair rule that allows 0.0.0.0/0
\ No newline at end of file