Chapter 18. Configuring allowed-address-pairs
18.1. Overview of allowed-address-pairs
Use allowed-address-pairs to specify mac_address/ip_address (CIDR) pairs that pass through a port regardless of subnet. This enables the use of protocols such as VRRP, which floats an IP address between two instances to enable fast data plane failover.
The allowed-address-pairs extension is currently supported only by the ML2 and Open vSwitch plug-ins.
18.2. Creating a port and allowing one address pair
Use the following command to create a port and allow one address pair:
# openstack port create --network net1 --allowed-address mac_address=<mac_address>,ip_address=<ip_cidr> PORT_NAME
18.3. Adding allowed-address-pairs
Use the following command to add allowed address pairs:
# openstack port set <port-uuid> --allowed-address mac_address=<mac_address>,ip_address=<ip_cidr>
You cannot set an allowed-address pair that matches the mac_address and ip_address of a port. This is because such a setting has no effect since traffic matching the mac_address and ip_address is already allowed to pass through the port.