The changing of ebtables is caused by setting share_dhcp_address = True in the /etc/nova/nova.conf file. By changing this setting to False I was able to boot VMs without the ebtables rules being added.

share_dhcp_address is useful if you want to have multiple compute nodes share the same IP address (for the purposes of migration is my guess). As for why the ebtables rules are necessary, the links below suggest that it is security related, and while I think it has something to do with preventing spoofing attacks, I haven't connected all the dots yet, so take it with a grain of salt.

See:

https://ask.openstack.org/en/question/1648/why-do-ebtables-rules-with-share_dhcp_address-block-arp-traffic/

https://review.openstack.org/#/c/16578
