Red Hat Training

A Red Hat training course is available for Red Hat OpenStack Platform

Chapter 20. Configure allowed-address-pairs

Allowed-address-pairs allow you to specify mac_address/ip_address (CIDR) pairs that pass through a port regardless of subnet. This enables the use of protocols such as VRRP, which floats an IP address between two instances to enable fast data plane failover.


The allowed-address-pairs extension is currently only supported by the ML2 and Open vSwitch plug-ins.

20.1. Basic allowed-address-pairs operations

Create a port and allow one address pair:

# neutron port-create net1 --allowed-address-pairs type=dict list=true mac_address=<mac_address>,ip_address=<ip_cidr>

20.2. Adding allowed-address-pairs

# neutron port-update <port-uuid> --allowed-address-pairs type=dict list=true mac_address=<mac_address>,ip_address=<ip_cidr>

OpenStack Networking prevents setting an allowed-address-pair that matches the mac_address and ip_address of a port. This is because such a setting would have no effect since traffic matching the mac_address and ip_address is already allowed to pass through the port.