-
Feature
-
Resolution: Unresolved
-
Critical
-
None
-
None
-
Product / Portfolio Work
-
None
-
50% To Do, 0% In Progress, 50% Done
-
False
-
-
False
-
None
-
None
-
None
-
None
-
None
-
-
None
-
None
-
None
-
None
Feature Overview (aka. Goal Summary)
Enable the ability to opt-out of MAC spoof filtering on OVN-Kubernetes User Defined Networks.
Goals (aka. expected user outcomes)
A configuration setting similar to existing capability when using bridge for secondary networks, where macspoofchk can be used to enable or disable the mac spoofing check.
Requirements (aka. Acceptance Criteria):
Anyone reviewing this Feature needs to know which deployment configurations that the Feature will apply to (or not) once it's been completed. Describe specific needs (or indicate N/A) for each of the following deployment scenarios. For specific configurations that are out-of-scope for a given release, ensure you provide the OCPSTRAT (for the future to be supported configuration) as well.
| Deployment considerations | List applicable specific needs (N/A = not applicable) |
| Self-managed, managed, or both | |
| Classic (standalone cluster) | |
| Hosted control planes | |
| Multi node, Compact (three node), or Single node (SNO), or all | |
| Connected / Restricted Network | |
| Architectures, e.g. x86_x64, ARM (aarch64), IBM Power (ppc64le), and IBM Z (s390x) | |
| Operator compatibility | |
| Backport needed (list applicable versions) | |
| UI need (e.g. OpenShift Console, dynamic plugin, OCM) | |
| Other (please specify) |
Use Cases (Optional):
While MAC spoof filtering enabled is, in most cases, a positive and welcomed security measure, there exists some use cases where it is desirable to disable it. For example, when running nested virtualization, traffic from multiple MAC addresses (bridged VMs) needs to egress over the OVN port.
Questions to Answer (Optional):
Out of Scope
Background
Customer Considerations
Documentation Considerations
Interoperability Considerations
- is related to
-
-
- Refinement
-
