-
Story
-
Resolution: Won't Do
-
Major
-
None
-
1
-
False
-
-
False
-
Given a system administrator has configured a network with OVN localnet and enabled VLAN 100 with private VLAN (PVLAN) isolation on containers,
When, they enable PVLAN on the localnet ports of containers as shown below
Then, any traffic between containers with PVLAN enabled must pass through the physical network switch so that east-west traffic is isolated.
Given a system administrator has configured a network with OVN localnet and enabled VLAN 100 with private VLAN (PVLAN) isolation on containers, When, they enable PVLAN on the localnet ports of containers as shown below Then, any traffic between containers with PVLAN enabled must pass through the physical network switch so that east-west traffic is isolated. -
None
-
rhel-net-ovn
-
-
-
ssg_networking
-
FDP 24.G, FDP 25.A, FDP 25.B, OVN FDP 25.C
-
4
Introduce support for private VLAN (sometimes called port security) to OVN localnet. This should mimic the behavior of `bridge link set dev <name of the host-side interface> isolated on` of Linux bridge and force east-west traffic to pass through the physical network switch.
This is requirement for smart switches, where observability and rule enforcement is handled on the hardware.
The consumer of this feature request will be OVN Kubernetes, which uses OVN localnet as a more powerful alternative of Linux bridge.
More context and a list of customers can be found in: RFE-4899 CNV-43130 CNV-39665.
- blocks
-
RFE-4899 Support for port isolation / Private VLAN
-
- Approved
-
