Comment 50 for bug 1489111

I am using Liberty and the patch has been installed. I can ping and ssh with the default security group in devstack through the reproduce steps. I think maybe it should not be permitted. Or there are some incorrect steps. Can anyone help me? Thanks very much.

I am using "demo" user.
My steps:
(1) neutron port-create <net-id> --name port1
(2) watch neutron port-update port1 --device-owner network:hello
step one and two are in one script.

(3) nova boot test --nic port-id=<port-id> --flavor m1.tiny --image cirros-0.3.4-x86_64-uec

I can see that instance test is active. I can ping and ssh it.
"neutron port-show port1" indicates that the "device_owner" is "network:hello" and "port_security_enabled" is "True"

I have set "vif_plugging_timeout=0" and "vif_plugging_is_fatal=False" in nova.conf to ensure that instance can be successfully booted.

The created port id is c05720c0-0259-441c-8c48-f650a4b01202
And I found the following lines in "ip addr".

32: qbrc05720c0-02: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
33: qvoc05720c0-02: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP
34: qvbc05720c0-02: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master qbrc05720c0-02
35: tapc05720c0-02: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master qbrc05720c0-02 state

But when I just execute the command "nova boot test2 --nic net-id=<net-id> --flavor m1.tiny --image cirros-0.3.4-x86_64-uec",
I cannot ping or ssh the instance "test2".