yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1949230] Re: OVN Octavia provider driver should implement allowed_cidrs to enforce security groups on LB ports

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Luis Tomas <1949230@xxxxxxxxxxxxxxxxxx>
Date: Tue, 20 Jun 2023 14:56:25 -0000
Reply-to: Bug 1949230 <1949230@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

There is no need to support this as the SG enforced are the ones of the
members, since the source IP does not change

** Changed in: neutron
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1949230

Title:
  OVN Octavia provider driver should implement allowed_cidrs to enforce
  security groups on LB ports

Status in neutron:
  Invalid

Bug description:
  Octavia can use OVN as a provider driver using it's driver framework.
  The OVN Octavia provider driver, part of ML2/OVN, does not implement
  all of the functionality of the Octavia API [1].  One feature that
  should be supported is allowed_cidrs.

  The Octavia allowed_cidrs functionality allows Octavia to manage and
  communicate the CIDR blocks allowed to address an Octavia load
  balancer.  Implementing this in the OVN provider driver would allow
  load balancers to be only accessible from specific CIDR blocks, a
  requirement for customer security ina number of scenarios.

  [1] https://docs.openstack.org/octavia/latest/user/feature-
  classification/index.html#listener-api-features

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1949230/+subscriptions

References

[Bug 1949230] [NEW] OVN Octavia provider driver should implement allowed_cidrs to enforce security groups on LB ports
From: Nate Johnston, 2021-10-29