Epic
Resolution: Obsolete
Normal
Egress Firewall refactoring
To Do
56% To Do, 0% In Progress, 44% Done
M

Problem:
- Egress firewall affects node IPs, but always allows the management port IP, which gives access to the node.
- Performance: every egress firewall ACL is created with a separate transaction (fixed in https://issues.redhat.com/browse/OCPBUGS-17970).
- Performance: using a source port group instead of an address set will decrease the number of OVS flows per node (tracked under https://issues.redhat.com/browse/SDN-4173).
- Performance: we use a `dst != clusterSubnet` exclusion that may result in many OVS flows (fixed in https://github.com/ovn-org/ovn-kubernetes/pull/3338).
- DNS address sets are not cleaned up on restart.

Depends on:
- SDN-3555 ovn-k ACL indexing refactoring (Closed)

Links to:
1. Docs Tracker | Closed | Jason Boxman
2. PX Tracker | Closed | Unassigned
3. QE Tracker | Closed | Jean Chen
4. TE Tracker | Closed | Unassigned