Chapter 18. Configuring allowed-address-pairs

18.1. Overview of allowed-address-pairs

Use allowed-address-pairs to specify mac_address/ip_address (CIDR) pairs that pass through a port regardless of subnet. This enables the use of protocols such as VRRP, which floats an IP address between two instances to enable fast data plane failover.


The allowed-address-pairs extension is currently supported only by the ML2 and Open vSwitch plug-ins.

18.2. Creating a port and allowing one address pair

  • Use the following command to create a port and allow one address pair:

    # openstack port create --network net1 --allowed-address mac_address=<mac_address>,ip_address=<ip_cidr> PORT_NAME

18.3. Adding allowed-address-pairs

  • Use the following command to add allowed address pairs:

    # openstack port set <port-uuid> --allowed-address mac_address=<mac_address>,ip_address=<ip_cidr>

You cannot set an allowed-address pair that matches the mac_address and ip_address of a port. This is because such a setting has no effect since traffic matching the mac_address and ip_address is already allowed to pass through the port.