Loading...

XML

Word

Printable

Type: Feature Request
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: openshift-4.10.z, openshift-4.8.z, openshift-4.11.z
Component/s: None
Labels:
- IPSec
- NetApp
- OVN
- SDN
- sb_tracked

Blocked:
False
Blocked Reason:
None
Ready:
False
Backlogs:

SDN
Color Status:
Not Selected
Intelligence Requested:
Market:
PX Impact Score:
PX Priority Data:
PX Review Complete:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

1. Proposed title of this feature request

Provide IPSec over transport mode for NetApp OnTap 9.8+

2. What is the nature and description of the request?

NetApp does not do IPSec over tunnels, only transport mode. See:

https://docs.netapp.com/us-en/ontap/networking/configure_ip_security_@ipsec@_over_wire_encryption.html

3. Why does the customer need this? (List the business requirements here)

Many OCP customers - Government, FSI, et al. - use NetApp storage devices and require encrypted data-in-motion. NetApp does provide encrypted transmission over Kerberized NFS, but the performance is 20% that of IPSec.

Unfortunately, NetApp does not provide support for IPSec over tunnel, only transport mode.

4. List any affected packages or components.

SDN/OVN

The following epics are related, but for IPSec over tunnel mode:

https://issues.redhat.com/browse/HATSTRAT-33
https://issues.redhat.com/browse/CTONET-2505

is related to

OCPSTRAT-499 Add nm-libreswan to RHCOS

Closed

Assignee:: Marc Curry

Reporter:: Daniel Yocum

Votes:: 3 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2022/11/10 7:18 PM

Updated:: 2024/08/13 4:22 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates