API Support for Managing Custom Ethertypes
Registered by
Miguel Lavalle
Some operators need to allow/deny custom Ethertypes for applications which use
their own non-IP traffic (such as for clustering applications). The Security
Group API only handles specifying behavior within the IP protocol. With the
firewall reference implementation (OVS Firewall) anything other than IPv4 and
IPv6 is subject to the default deny. This means OpenStack customers have no
options to use OpenStack to permit protocols that use separate ethertypes like
InfiniBand and FCoE.
This blueprint aims at adding to the Security Group API the capability to
specify standard security group behaviors (allow, deny) for custom ethertypes,
with the aim of implementing these controls in the OVS and OVN firewalls.
Blueprint information
- Status:
- Complete
- Approver:
- Miguel Lavalle
- Priority:
- Undefined
- Drafter:
- Miguel Lavalle
- Direction:
- Needs approval
- Assignee:
- Nate Johnston
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
- Rodolfo Alonso
Related branches
Related bugs
Sprints
Whiteboard
(?)
