Chapter 19. Configure allowed-address-pairs
Allowed-address-pairs allow you to specify mac_address/ip_address (CIDR) pairs that pass through a port regardless of subnet. This enables the use of protocols such as VRRP, which floats an IP address between two instances to enable fast data plane failover.
The allowed-address-pairs extension is currently only supported by the ML2 and Open vSwitch plug-ins.
19.1. Basic allowed-address-pairs operations
Create a port and allow one address pair:
# neutron port-create net1 --allowed-address-pairs type=dict list=true mac_address=<mac_address>,ip_address=<ip_cidr>
19.2. Adding allowed-address-pairs
# neutron port-update <port-uuid> --allowed-address-pairs type=dict list=true mac_address=<mac_address>,ip_address=<ip_cidr>
OpenStack Networking prevents setting an allowed-address-pair that matches the mac_address and ip_address of a port. This is because such a setting would have no effect since traffic matching the mac_address and ip_address is already allowed to pass through the port.