From 39248992ab74e80ab097dc88f80598d8df3a5923 Mon Sep 17 00:00:00 2001 From: anwars Date: Mon, 18 Mar 2019 06:23:03 +0100 Subject: [PATCH] Disable port security at network level Change-Id: Ia36d116b6de6036161b1c13fda45fd514bd9e56c --- Release6/disable_port_security_network.md | 51 +++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 Release6/disable_port_security_network.md diff --git a/Release6/disable_port_security_network.md b/Release6/disable_port_security_network.md new file mode 100644 index 0000000..4dfa95d --- /dev/null +++ b/Release6/disable_port_security_network.md @@ -0,0 +1,51 @@ +# Disable Port Security at Network Level # + +## Proposer ## +- Syed Anwar (VMware) +- Ravindran Ganapathi (VMware) + +## Type ## +**Feature** + +## Target MDG/TF ## +IM,RO + +## Description ## + +We have found that with VMware Integrated Openstack 5.1 + NSX T + ENS current OSM deployment +fails due to port security not supported by ENS. + +Failure point in OSM is when creating the network on openstack, +we observed that manual network creation in openstack also fails with error +'Port security is not supported on ENS Transport zones' + +However we were able to create network manually in openstack using --disable-port-security +option while creating the network. +But we do not have any option in OSM IM to specify disable port security at the network level. + +From the openstack documentation we can see that by default when the network is created +port security is always enabled, + +--enable-port-security +Enable port security by default for ports created on this network (default) + +--disable-port-security +Disable port security by default for ports created on this network + + +From OSM in the current vnfd IM we can find that we have the option to disable port security +but that works only at the connection point / port level. + +Also in OSM there is an advanced configuration parameter that can be passed while registering the VIM in OSM, +i.e. no_port_security_extension but even that is applied only when creating ports and not networks. + +There needs to be a mechanism using which we can disable port security by default for ports +created on a networks for openstack deployments using OSM. + +## Design ## +Design pad: https://osm.etsi.org/pad/p/feature7326 + +## Demo or definition of done ## + +We should be able to instantiate a NS via OSM by specifying the option to disable port security +while network creation on an VMware Integrated Openstack VIM which is configured with NSX T + ENS. -- 2.17.1