yahoo-eng-team team mailing list archive
Message #89532
[Bug 1987093] [NEW] [RFE] Add a port extension to set/define the switchdev capabilities
Public bug reported:
The aim of this RFE is to decouple the port binding profile update and
the ability of a user to set the "switchdev" flag on a port.
Since [1], a user is able to set "{"capabilities": ["switchdev"]}" on
the port binding profile in order to define this port as compatible with
the Ethernet switch device driver model (switchdev) [2]. In other words,
to be able to use a VF of a NIC with offloading capabilities. This is
currently used in ML2/OVS and ML2/OVN to offload the OpenFlow rules on
the NIC hardware.
The problem resides in the need to change the port binding profile from the Neutron side:
* The port binding profile is a port blob that should be updated only from Nova.
* By default, this is allowed only to admin users, but is configurable via policy config. That could introduce security issues if a non-admin user can change any port binding profile, even if that is restricted to his/her own project.
This RFE will require a spec describing the needed changes on the API
side, the port object and RPC blob transmitted (needed by Nova).
[1] https://review.opendev.org/c/openstack/neutron/+/499203
[2] https://www.kernel.org/doc/html/latest/networking/switchdev.html
** Affects: neutron
Importance: Wishlist
Assignee: Rodolfo Alonso (rodolfo-alonso-hernandez)
Status: New
** Changed in: neutron
Importance: Undecided => Wishlist
** Changed in: neutron
Assignee: (unassigned) => Rodolfo Alonso (rodolfo-alonso-hernandez)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1987093
Title:
[RFE] Add a port extension to set/define the switchdev capabilities
Status in neutron:
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1987093/+subscriptions
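The policy concern raised in the report can be checked on a deployment by auditing the policy override file for binding profile rules that a non-admin can satisfy. The following is an added example, not code from the bug report or from Neutron; it assumes the Neutron policy names `create_port:binding:profile` and `update_port:binding:profile`, and the base rule definitions and the sample override file are constructed for illustration.

```python
import re

# Assumed base rules for this example; a deployment's real defaults may differ.
BASE = {"context_is_admin": "role:admin", "admin_only": "rule:context_is_admin",
        "owner": "tenant_id:%(tenant_id)s",
        "admin_or_owner": "rule:context_is_admin or rule:owner"}
ADMIN_CHECKS = ("role:admin", "is_admin:True", "!")   # "!" means "never allow"
WATCHED = ("create_port:binding:profile", "update_port:binding:profile")
ENTRY = re.compile(r'^\s*"([^"]+)"\s*:\s*"([^"]*)"\s*$')


def non_admin_passes(expr, rules, depth=0):
    """True if a caller without the admin role could satisfy expr,
    assuming that caller meets every non-admin check (owner, other roles)."""
    toks = expr.split()
    if depth > 20 or not toks or "not" in toks or re.search(r"(?<!%)\(", expr):
        return True  # cycle, empty "always allow" rule, or unhandled syntax: report

    def leaf(tok):
        if tok.startswith("rule:"):
            ref = rules.get(tok[5:])
            return ref is None or non_admin_passes(ref, rules, depth + 1)
        return tok not in ADMIN_CHECKS

    # "and" binds tighter than "or": any alternative with all checks met passes.
    alternatives = " ".join(toks).split(" or ")
    return any(all(leaf(t) for t in alt.split(" and ")) for alt in alternatives)


def audit(policy_text):
    """Return the watched rules that these overrides open to non-admins."""
    rules = dict(BASE)
    for line in policy_text.splitlines():
        m = ENTRY.match(line)
        if m:
            rules[m.group(1)] = m.group(2)
    return [name for name in WATCHED
            if non_admin_passes(rules.get(name, "rule:admin_only"), rules)]


# Constructed override file, not taken from any deployment.
SAMPLE = '''
# let tenants request hardware offload themselves
"update_port:binding:profile": "rule:admin_or_owner"
"create_port:binding:profile": "rule:admin_only and role:member"
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Expressions that use parentheses or `not` are reported rather than evaluated, so a flagged rule with that syntax needs a manual read.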