yahoo-eng-team team mailing list archive

[OpenStack Infra <1982287@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/906020
Committed: https://opendev.org/openstack/neutron-tempest-plugin/commit/a016f7a349d55e07c81b693d3dfe9a3ba6244ee9
Submitter: "Zuul (22348)"
Branch:    master

commit a016f7a349d55e07c81b693d3dfe9a3ba6244ee9
Author: liushy <liuxie_11@xxxxxxx>
Date:   Thu Jan 18 11:13:58 2024 +0800

    Add test job for address_group api backend Ml2/OVN
    
    Depends-on: https://review.opendev.org/c/openstack/neutron/+/949852
    Depends-on: https://review.opendev.org/c/openstack/neutron/+/949854
    
    Closes-Bug: #1982287
    Change-Id: Idd64c04b98006b0ecfaad9f9c3a8c218a57ab4db


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1982287

Title:
  [rfe][ovn] Support address group for ovn driver

Status in neutron:
  Fix Released

Bug description:
  As the title describes, we can use 'Address_Set' of ovn to support the
  feature that address group.

  OVN is already supporting the feature 'Address_Set' that create a set
  of address contains IPv4, or IPv6 addresses with optional bitwise or
  CIDR masks. For details, we can see [0].

  For example:
  # Create an address set 
  ovn-nbctl create Address_Set name=as1 addresses=\"10.0.0.2\",\"10.0.0.3\"

  # Add acl1 uses as1 
  ovn-nbctl --wait=hv acl-add pg1 to-lport 1001 'outport == "pg1" && ip4 && ip4.src == $as1' allow

  
  So we can implement the feature that translate the neutron address group to a Address_Set entry and put this entry to a match filed of ovn acl.


  
  [0]https://github.com/ovn-org/ovn/blob/81503d661ed9449ebe85f4b6b3130b75c7dd60bd/ovn-nb.xml#L1641

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1982287/+subscriptions