-
Story
-
Resolution: Done-Errata
-
Normal
-
None
-
nmstate-2.2.16-1.el9
-
None
-
2
-
rhel-sst-network-management
-
ssg_networking
-
17
-
13
-
-
QE ack
-
False
-
-
Yes
-
NMT - RHEL 8.10/9.4 DTM 00, NMT - RHEL 8.10/9.4 DTM 2
-
Enhancement
-
-
Done
-
-
Unspecified
-
None
Description of problem:
Requesting nmstate to support configuring MACSec interfaces, so that they can be used as slaves of bonds or bridges. This would allow for L2 encryption of all traffic on the network device, eliminating the need to encrypt per service at L7.
Additional info:
This was originally request in the context of RHOSP, here:
https://bugzilla.redhat.com/show_bug.cgi?id=2111556
Acceptance Criteria:
User story
As a system administrator responsible for deploying and maintaining a RHOSP environment, I want nmstate to support the configuration of MACSec interfaces as slaves for bonds or bridges so that I can ensure L2 encryption for all traffic on the network device, thus eliminating the need for individual service encryption at L7 and the associated challenges it brings, such as managing large amounts of certificates required for each endpoint on each overcloud node.
Acceptance criteria
Given a system administrator configuring a system with Nmstate installed,
When the system administrator configure a MACSec interface using Nmstate,
Then:
- The MACSec interface should be correctly configured without any errors.
- The system administrator should be able to enslave the MACSec interface to a bond or bridge.
- All traffic on the MACSec interface should be encrypted at L2.
- Nmstate should provide clear logging or error messages if there are any issues configuring the MACSec interface.
Definition of done
- The implementation meets the acceptance criteria
- Unit test and integration test are written and passed
- The Release Note text field is filled
- The code is part of a build attached to an errata
- blocks
-
RHEL-11282 RHEL 9.4 RPL
- Closed
- relates to
-
RFE-4591 MACsec (IEEE 802.1AE) support for secondary SR-IOV interfaces
- Accepted
- external trackers
- links to
-
RHEA-2023:120000 nmstate bug fix and enhancement update
- mentioned on