Skip to content

vexxhost/neutron-policy-server

Repository files navigation

Neutron Policy Server

This is a simple server which can be used to manage complex Neutron policies which are not possible to be managed using the default Neutron policy.json file due to the lack of programmatic control. It covers the following use cases:

Allowed Address Pairs for Provider Networks

The default Neutron policy does not allow the use of allowed address pairs for provider networks. However, in a use case where you need to run a highly available service on a provider network, you may need to use allowed address pairs to allow multiple instances to share the same IP address.

This service intercepts the existing Neutron policy and allows the use of allowed address pairs for provider networks under these circumstances:

  • Users can modify an allowed_address_pairs attribute to their port if they own another port on the same network with the same MAC & IP address.
  • Users cannot delete a port if another port on the same network has an allowed_address_pairs attribute with the same MAC & IP address.
  • Users cannot modify the fixed_ips attribute of a port if another port on the same network has an allowed_address_pairs attribute with the IP.