Loading...

XML

Word

Printable

Details

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: OVN Kubernetes
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
[GA]: OVN as Secondary Network
Feature Link:
OCPSTRAT-115 - OVN as Secondary Network [GA]
[QE] How to address?:
---

Cost of Delay:
0
WSJF:
0

SFDC Cases Links:
SFDC Cases Counter:

Description

Update the multi-net controller to:

build default deny-all port group for each of the flat L2 networks targeted by multi-net policy
build policies port-group + translated ACLs for each of the provisioned multi-net policies

Must also update the direction of the ACL flows for egress:

current direction for allow ACLs is `to-lport`
`to-lport` is evaluated in the egress pipepine
when ports are on different nodes, `to-lport` is evaluated in the dst node.

Definition of done:

PRs implementing the above merged
e2e tests asserting these work merged

Attachments

Issue Links

links to

Activity

People

Assignee:: Miguel Duarte de Mora Barroso

Reporter:: Miguel Duarte de Mora Barroso

Contributors:: Jaime Caamaño Ruiz

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2022/07/29 10:24 AM

Updated:: 2023/05/04 7:25 AM

Resolved:: 2023/05/04 7:25 AM