Hi, We are trying to add secondary ip to an openstack vm. We saw that vm's were not able to communicate via secondary ip.however disabling port security did the trick also came around --allowed address pair in neutron commmand would also work

So, my question is is it possible to change ovs configuration to allow traffic from the secondary ip and not disable port security or allowed address pair...

Because according to me ovs must put vlan tags for the ip known to the setup and drop all others.

One more thing how can I check ovs traffic flows for a VM I cannot get a proper documentation for that..

Thanks in advance

I recommend and to learn about traffic flows in Neutron and how to interpret commands like ovs-ofctl. These blogs are fairly old but probably still correct, or good enough for inspiration.

By the way, on my Newton-based Packstack cloud, I created an instance with two NICs on the same network, set the correct IP address on eth1 and set the default route to eth1 as well. No problem communicating into the instance via floating IP, and out of the instance.

So, there is no need to tweak OVS, disable port security or use allowed-address-pairs. It should work out of the box.

