yahoo-eng-team team mailing list archive

[Nate Johnston <1949230@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Octavia can use OVN as a provider driver using it's driver framework.
The OVN Octavia provider driver, part of ML2/OVN, does not implement all
of the functionality of the Octavia API [1].  One feature that should be
supported is allowed_cidrs.

The Octavia allowed_cidrs functionality allows Octavia to manage and
communicate the CIDR blocks allowed to address an Octavia load balancer.
Implementing this in the OVN provider driver would allow load balancers
to be only accessible from specific CIDR blocks, a requirement for
customer security ina number of scenarios.

[1] https://docs.openstack.org/octavia/latest/user/feature-
classification/index.html#listener-api-features

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: ovn ovn-octavia-provider

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1949230

Title:
  OVN Octavia provider driver should implement allowed_cidrs to enforce
  security groups on LB ports

Status in neutron:
  New

Bug description:
  Octavia can use OVN as a provider driver using it's driver framework.
  The OVN Octavia provider driver, part of ML2/OVN, does not implement
  all of the functionality of the Octavia API [1].  One feature that
  should be supported is allowed_cidrs.

  The Octavia allowed_cidrs functionality allows Octavia to manage and
  communicate the CIDR blocks allowed to address an Octavia load
  balancer.  Implementing this in the OVN provider driver would allow
  load balancers to be only accessible from specific CIDR blocks, a
  requirement for customer security ina number of scenarios.

  [1] https://docs.openstack.org/octavia/latest/user/feature-
  classification/index.html#listener-api-features

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1949230/+subscriptions