yahoo-eng-team team mailing list archive

[Dan Sneddon <dsneddon@xxxxxxxxxx>]

Public bug reported:

Some operators need to allow/deny custom Ethertypes for applications
which use their own non-IP traffic (such as for clustering
applications). The Security Group API only handles specifying behavior
within the IP protocol.  With the firewall reference implementation (OVS
Firewall) anything other than IPv4 and IPv6 is subject to the default
deny.  This means OpenStack customers have no options to use OpenStack
to permit protocols that use separate ethertypes like InfiniBand and
FCoE.

We propose adding to the Security Group API the capability to specify
standard security group behaviors (allow, deny) for custom ethertypes,
with the aim of implementing these controls in the OVS firewall.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1832758

Title:
  [RFE] Allow/deny custom ethertypes in security groups

Status in neutron:
  New

Bug description:
  Some operators need to allow/deny custom Ethertypes for applications
  which use their own non-IP traffic (such as for clustering
  applications). The Security Group API only handles specifying behavior
  within the IP protocol.  With the firewall reference implementation
  (OVS Firewall) anything other than IPv4 and IPv6 is subject to the
  default deny.  This means OpenStack customers have no options to use
  OpenStack to permit protocols that use separate ethertypes like
  InfiniBand and FCoE.

  We propose adding to the Security Group API the capability to specify
  standard security group behaviors (allow, deny) for custom ethertypes,
  with the aim of implementing these controls in the OVS firewall.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1832758/+subscriptions