-
Feature Request
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
False
-
None
-
False
-
Not Selected
-
-
-
-
1. Proposed title of this feature request
Opt-out of MAC spoof filtering on OVN Kubernetes secondary networks
2. What is the nature and description of the request?
Expose control over MAC spoof filtering on OVN Kubernetes secondary network CNI.
3. Why does the customer need this? (List the business requirements here)
While having MAC spoof filtering enabled is in most cases a welcome security measure that's not limiting Pod/VM users, in some cases it may be desirable to disable it. For instance, when running nested virtualization, traffic from multiple MAC addresses (bridged VMs) needs to egress over the OVN port. This has been also brought up in https://github.com/ovn-org/ovn-kubernetes/issues/3926.
4. List any affected packages or components.
OVN Kubernetes
- blocks
-
CNV-38180 OVN Kubernetes localnet: Disabling MAC spoof filtering
- New
- links to