← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #38870

[Bug 1498957] [NEW] Add a 'dscp' field to security group rules to screen ingress traffic by dscp tag as well as IP address

  Thread PreviousDate PreviousThread Next 
Public bug reported:

This change will add to the current security group model an additional
option to allow for traffic to be restricted to a given DSCP tag in
addition to the current IP address based restriction.  Incoming traffic
would need to match both the IP address/CIDR block as well as the DSCP
tag - if one is set.

Changes:
* DB model changes to add a DSCP tag column to security groups.
* API changes to allow for DSCP tag configuration options to be supplied to security group API calls.
* Neutron agent changes to implement configuring IPTables with the additional DSCP tag configuration.

Note: This is complimentary functionality to the "QoS DSCP marking rule
support" change which, when implemented, will provide Neutron with an
interface to configure QoS policies to mark outgoing traffic with DSCP
tags.  See also: QoS DSCP marking rule support:
https://bugs.launchpad.net/neutron/+bug/1468353

** Affects: neutron
     Importance: Undecided
     Assignee: Nate Johnston (nate-johnston)
         Status: New


** Tags: dscp qos rfe

** Changed in: neutron
     Assignee: (unassigned) => Nate Johnston (nate-johnston)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1498957

Title:
  Add a 'dscp' field to security group rules to screen ingress traffic
  by dscp tag as well as IP address

Status in neutron:
  New

Bug description:
  This change will add to the current security group model an additional
  option to allow for traffic to be restricted to a given DSCP tag in
  addition to the current IP address based restriction.  Incoming
  traffic would need to match both the IP address/CIDR block as well as
  the DSCP tag - if one is set.

  Changes:
  * DB model changes to add a DSCP tag column to security groups.
  * API changes to allow for DSCP tag configuration options to be supplied to security group API calls.
  * Neutron agent changes to implement configuring IPTables with the additional DSCP tag configuration.

  Note: This is complimentary functionality to the "QoS DSCP marking
  rule support" change which, when implemented, will provide Neutron
  with an interface to configure QoS policies to mark outgoing traffic
  with DSCP tags.  See also: QoS DSCP marking rule support:
  https://bugs.launchpad.net/neutron/+bug/1468353

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1498957/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next