For NSX-T Data Center deployments, you can create networks and ports backed by a transport zone using N-VDS enhanced data path mode.

Important: This feature is offered in VMware Integrated OpenStack Carrier Edition only. For more information, see VMware Integrated OpenStack Licensing.

An NSX-managed virtual distributed switch (N-VDS) can operate in enhanced data path mode to provide network performance improvements needed by NFV workflows. For more information, see Enhanced Data Path in the NSX-T Data Center Installation Guide.

Port security is not supported for N-VDS enhanced data path mode. The following procedure disables port security for enhanced data path mode in your OpenStack deployment. Alternatively, you can include the --port-security-enabled=false parameter when you create a Neutron network.

Prerequisites

If you are using both standard and enhanced data path mode, create a separate availability zone for enhanced data path mode. See Create a Neutron Availability Zone with NSX-T Data Center.

Procedure

  1. Log in to the OpenStack Management Server as viouser.
  2. If your deployment is not using a custom.yml file, copy the template custom.yml file to the /opt/vmware/vio/custom directory. 
    sudo mkdir -p /opt/vmware/vio/custom
sudo cp /var/lib/vio/ansible/custom/custom.yml.sample /opt/vmware/vio/custom/custom.yml
  3. Open the /opt/vmware/vio/custom/custom.yml file in a text editor.
  4. Uncomment the ens_support parameter and set its value to true.
  5. Uncomment the nsxv3_disable_port_security_for_ens parameter and set its value to true.
  6. Deploy the updated configuration. 
    sudo viocli deployment configure --limit controller

    Deploying the configuration briefly interrupts OpenStack services.

What to do next

When you create networks that consume N-VDS in enhanced data path mode, specify the availability zone created for it.