Option 1 – IP specified with ports NN No data for Metadata service ENDPOINT GROUP NM Network-Services group - add rule with metadata port 120.2 169.2 120.2 169.2 GBP Node Endpoint DHCP endpoint metadata IP, dst 80 VPP-Renderer endpoint IP, src 80

Option 1 – IP specified with ports NN Implementation for such as endpoint may be missing in GBP modules Components to check - location resolver - policy resolver - renderer manager - vpp renderer Neutron port - fixed ips NM GBP Base endpoint (L2 - mac) VPP-Renderer Base endpoint (L3 – 120.2) Base endpoint (L3 – 169.2)

Option 2 – Remote Ip Prefix for Metadata service NN Endpoint DHCP endpoint Add rules to support metadata service: - network-service group - ingress, dst port 80 - egress, src port 80 - network-client group - egress, dst port 80, remote IP prefix 169.254.169.254/32 - ingress, src port 80, remote IP prefix 169.254.169.254/32 NM GBP Subtasks for Metadata service FDS-246 - add rules in neutron mapper - investigate remote-ip-prefix in ResolvedPolicy, RendererManager, VppRenderer - implement support for remote-ip-prefix if missing - in VPP-renderer omit IP address and keep only L4 for Metadata IF NEEDED - very last task: startup configuration for metadata -> blueprint XML with IP and PORT - meanwhile hardcode the value VPP-Renderer