Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-15503

[rhoso-tracker] edpm_frr_bgp_neighbor_password cannot be used with FIPS

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • rhos-18.0.7
    • ovn-bgp-agent
    • False
    • Hide

      None

      Show
      None
    • False
    • ?
    • None
    • Hide
      Cause: Due to a limitation in frr, reported in RHEL-63205, if FIPS is enabled, configured BGP passwords are ignored because the MD5 algorithm is not supported with FIPS.
      Consequence: The `edpm_frr_bgp_neighbor_password` parameter cannot be used in RHOSO when FIPS is enabled.
      Workaround: There is no workaround, but BGP can be configured with no password.
      Result: The BGP messages are not encrypted when FIPS is enabled.
      Show
      Cause: Due to a limitation in frr, reported in RHEL-63205 , if FIPS is enabled, configured BGP passwords are ignored because the MD5 algorithm is not supported with FIPS. Consequence: The `edpm_frr_bgp_neighbor_password` parameter cannot be used in RHOSO when FIPS is enabled. Workaround: There is no workaround, but BGP can be configured with no password. Result: The BGP messages are not encrypted when FIPS is enabled.
    • Known Issue
    • Moderate

      This bug is a tracker for the RHEL ticket RHEL-63205 from RHOSO side.

      Its intention is also to document as a known issue the fact that the parameter edpm_frr_bgp_neighbor_password should not be used when RHOSO is configured with FIPS.

       

      The component is set to ovn-bgp-agent to assign it automatically to the bgp squad.

              eolivare Eduardo Olivares Toledo
              eolivare Eduardo Olivares Toledo
              rhos-dfg-networking-squad-bgp
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: