yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1832758] Re: [RFE] Allow/deny custom ethertypes in security groups

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Brian Haley <1832758@xxxxxxxxxxxxxxxxxx>
Date: Thu, 12 Jan 2023 19:22:41 -0000
Reply-to: Bug 1832758 <1832758@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1832758

Title:
  [RFE] Allow/deny custom ethertypes in security groups

Status in neutron:
  Fix Released

Bug description:
  Some operators need to allow/deny custom Ethertypes for applications
  which use their own non-IP traffic (such as for clustering
  applications). The Security Group API only handles specifying behavior
  within the IP protocol.  With the firewall reference implementation
  (OVS Firewall) anything other than IPv4 and IPv6 is subject to the
  default deny.  This means OpenStack customers have no options to use
  OpenStack to permit protocols that use separate ethertypes like
  InfiniBand and FCoE.

  We propose adding to the Security Group API the capability to specify
  standard security group behaviors (allow, deny) for custom ethertypes,
  with the aim of implementing these controls in the OVS firewall.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1832758/+subscriptions

References

[Bug 1832758] [NEW] [RFE] Allow/deny custom ethertypes in security groups
From: Dan Sneddon, 2019-06-13