Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-35866

OpenStack: Missing context on why we disable port security with SR-IOV

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • 2
    • None
    • No
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      https://docs.openshift.com/container-platform/4.15/machine_management/creating_machinesets/creating-machineset-osp.html

      We need to explain why portSecurity is set to False.

      Port Security functionality does not apply to SR-IOV configurations, even if enabled at the port level. The VF performance depends entirely on the underlying NIC firmware.

      With the Neutron ML2-OVN plugin, port_security operates at the OVN conntrack layer and does not apply to SR-IOV VFs, making allowed address pair configurations ineffective.

              mbridges@redhat.com Max Bridges
              emacchi@redhat.com Emilien Macchi
              None
              None
              None
              None
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: