API Support for Managing Custom Ethertypes

Registered by Miguel Lavalle on 2019-07-22

Some operators need to allow/deny custom Ethertypes for applications which use
their own non-IP traffic (such as for clustering applications). The Security
Group API only handles specifying behavior within the IP protocol. With the
firewall reference implementation (OVS Firewall) anything other than IPv4 and
IPv6 is subject to the default deny. This means OpenStack customers have no
options to use OpenStack to permit protocols that use separate ethertypes like
InfiniBand and FCoE.

This blueprint aims at adding to the Security Group API the capability to
specify standard security group behaviors (allow, deny) for custom ethertypes,
with the aim of implementing these controls in the OVS and OVN firewalls.

Blueprint information

Status:
Started
Approver:
Miguel Lavalle
Priority:
High
Drafter:
Miguel Lavalle
Direction:
Approved
Assignee:
Nate Johnston
Definition:
Approved
Series goal:
Accepted for train
Implementation:
Good progress
Milestone target:
milestone icon ussuri-1
Started by
Slawek Kaplonski on 2019-07-30

Related branches

Sprints

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.