Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-5397

Opt-out of MAC spoof filtering on OVN Kubernetes secondary networks

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • SDN
    • None
    • False
    • None
    • False
    • Not Selected

      1. Proposed title of this feature request
      Opt-out of MAC spoof filtering on OVN Kubernetes secondary networks

      2. What is the nature and description of the request?
      Expose control over MAC spoof filtering on OVN Kubernetes secondary network CNI.

      3. Why does the customer need this? (List the business requirements here)
      While having MAC spoof filtering enabled is in most cases a welcome security measure that's not limiting Pod/VM users, in some cases it may be desirable to disable it. For instance, when running nested virtualization, traffic from multiple MAC addresses (bridged VMs) needs to egress over the OVN port. This has been also brought up in https://github.com/ovn-org/ovn-kubernetes/issues/3926.

      4. List any affected packages or components.
      OVN Kubernetes

              mcurry@redhat.com Marc Curry
              phoracek@redhat.com Petr Horacek
              Votes:
              1 Vote for this issue
              Watchers:
              11 Start watching this issue

                Created:
                Updated: