1 # Disable Port Security at Network Level #
5 - Ravindran Ganapathi (VMware)
15 We have found that with VMware Integrated Openstack 5.1 + NSX T + ENS current OSM deployment
16 fails due to port security not supported by ENS.
18 Failure point in OSM is when creating the network on openstack,
19 we observed that manual network creation in openstack also fails with error
20 'Port security is not supported on ENS Transport zones'
22 However we were able to create network manually in openstack using --disable-port-security
23 option while creating the network.
24 But we do not have any option in OSM IM to specify disable port security at the network level.
26 From the openstack documentation we can see that by default when the network is created
27 port security is always enabled,
29 --enable-port-security
30 Enable port security by default for ports created on this network (default)
32 --disable-port-security
33 Disable port security by default for ports created on this network
36 From OSM in the current vnfd IM we can find that we have the option to disable port security
37 but that works only at the connection point / port level.
39 Also in OSM there is an advanced configuration parameter that can be passed while registering the VIM in OSM,
40 i.e. no_port_security_extension but even that is applied only when creating ports and not networks.
42 There needs to be a mechanism using which we can disable port security by default for ports
43 created on a networks for openstack deployments using OSM.
46 Design pad: https://osm.etsi.org/pad/p/feature7326
48 ## Demo or definition of done ##
50 We should be able to instantiate a NS via OSM by specifying the option to disable port security
51 while network creation on an VMware Integrated Openstack VIM which is configured with NSX T + ENS.
projects / osm / Features.git / blob