Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-3428

IPSec over transport mode for external NetApp storage

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • openshift-4.10.z, openshift-4.8.z, openshift-4.11.z
    • None
    • False
    • None
    • False
    • SDN
    • Not Selected

      1. Proposed title of this feature request

      Provide IPSec over transport mode for NetApp OnTap 9.8+

      2. What is the nature and description of the request?

      NetApp does not do IPSec over tunnels, only transport mode. See:

      https://docs.netapp.com/us-en/ontap/networking/configure_ip_security_@ipsec@_over_wire_encryption.html

      3. Why does the customer need this? (List the business requirements here)

      Many OCP customers - Government, FSI, et al. - use NetApp storage devices and require encrypted data-in-motion. NetApp does provide encrypted transmission over Kerberized NFS, but the performance is 20% that of IPSec.

      Unfortunately, NetApp does not provide support for IPSec over tunnel, only transport mode.

      4. List any affected packages or components.

      SDN/OVN

      The following epics are related, but for IPSec over tunnel mode:

      https://issues.redhat.com/browse/HATSTRAT-33
      https://issues.redhat.com/browse/CTONET-2505

              mcurry@redhat.com Marc Curry
              rhn-support-dyocum Daniel Yocum
              Votes:
              3 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: