Sub-ports should be associated with networks that will be tagged using 802.1q VLAN encapsulation inside the instance. Sub-ports are then associated with a trunk and correspond to tagged sub-interfaces within the guest operating system. With the openstack client, create a sub-port with the following attributes:
- Name: child-p0c1
- Network: RED_NET
The following command can be used:
openstack port create --network RED_NET child-p0c1
The output will resemble the following:
Like any other port, when a sub-port is created, Neutron dynamically assigns a MAC address. However, when creating VLAN sub-interfaces inside an instance, the sub-interface may inherit the MAC address of the parent interface. This behavior is acceptable since the interfaces are on two different networks and MAC addresses do not pass the Layer 2 boundary. However, it may be problematic from a port security standpoint. When creating sub-interfaces in an instance, you will need to specify the MAC address Neutron assigned for the sub-port or create the sub-port with the same MAC address of the parent port.