G.8 Before a VM Instance has been Booted: Port Security

If you want to disable port security for a port before it is associated with a VM instance, then you need to first create the port at which time you can specify that port security should be disabled. The command to create a new port with port security disabled is of the following form:
# neutron port-create --name <Port Name> --port-security-enabled=false --fixed-ip subnet-id=$(neutron subnet-show -f value -F id <Subnet name>),ip_address=<Target IP address> $(neutron net-show -f value -F id <Network name>)

where the items in angle brackets have the following meaning:

  • <Port Name>

    This is effectively a string alias for the port that is useful when trying to locate the ID for the port; the --name <Port Name> portion of the command is optional.

  • <Subnet name>

    The name of the subnet to which the port should be added.

  • <Target IP address>

    The unique IP address to be associated with the port.

  • <Network name>

    The name of the network with which the port should be associated.

For example, if you wanted to indicate to Neutron that a new port should have port security disabled and an IP address of 10.133.97.133 on the ext-subnet subnet, then you would type a command similar to the following:
# neutron port-create --name foo --port-security-enabled=false --fixed-ip subnet-id=$(neutron subnet-show -f value -F id ext-subnet),ip_address=10.133.97.133 $(neutron net-show -f value -F id ext-net)

Once the port or ports with port security disabled have been created, boot the VM instance with a command similar to the following:
# nova boot --flavor m1.xlarge --image testVMimage --nic port-id=$(neutron port-show -f value -F id <Port Name>) testvm3

Here the flavor, image, and VM instance name values need to be replaced by values appropriate for your VM. If the port to be associated with the VM instance is not named, then you need to obtain the port's ID using the neutron port-list command and replace the $(neutron port-show -f value -F id <Port Name>) sequence in the above command with the port's ID value.
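The two-step procedure above (create the port with port security disabled, then boot onto it) wrapped in POSIX shell functions, as an added example rather than commands from the original guide; it assumes the neutron and nova CLIs shown above, and the function and resource names are made up. It adds a pre-boot check, via the port_security_enabled attribute of neutron port-show, that the port really is in the intended state, since a port without port security receives no security-group filtering or anti-spoofing and you want to be sure which port you are attaching.

```shell
#!/bin/sh
# Added example: helpers around the documented neutron/nova commands.
# Assumes the neutron and nova CLIs are installed and credentials are sourced.
set -eu

# Resolve a Neutron resource name (subnet, net or port) to its UUID.
# Fails with a message instead of passing an empty ID into the next command.
resource_id() {           # usage: resource_id <subnet|net|port> <name>
    rid=$(neutron "$1-show" -f value -F id "$2") || return 1
    [ -n "$rid" ] || { echo "no $1 named '$2'" >&2; return 1; }
    printf '%s\n' "$rid"
}

# Create a port with port security disabled and a fixed IP on a subnet
# (the port-create command from the guide, with the IDs resolved first).
create_unsecured_port() { # usage: create_unsecured_port <port name> <subnet name> <ip> <network name>
    subnet_id=$(resource_id subnet "$2")
    net_id=$(resource_id net "$4")
    neutron port-create --name "$1" --port-security-enabled=false \
        --fixed-ip "subnet-id=$subnet_id,ip_address=$3" "$net_id"
}

# Boot a VM attached to the named port, but only after confirming that
# port security on that port is actually disabled as the procedure intends.
boot_on_port() {          # usage: boot_on_port <flavor> <image> <port name> <vm name>
    port_id=$(resource_id port "$3")
    state=$(neutron port-show -f value -F port_security_enabled "$port_id")
    [ "$state" = False ] || {
        echo "port '$3' has port_security_enabled=$state; refusing to boot" >&2
        return 1
    }
    nova boot --flavor "$1" --image "$2" --nic "port-id=$port_id" "$4"
}

# Example run matching the guide (names are the guide's own sample values):
#   create_unsecured_port foo ext-subnet 10.133.97.133 ext-net
#   boot_on_port m1.xlarge testVMimage foo testvm3
```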