Details
-
Story
-
Resolution: Done
-
Undefined
-
None
-
None
-
None
Description
Update the multi-net controller to:
- build default deny-all port group for each of the flat L2 networks targeted by multi-net policy
- build policies port-group + translated ACLs for each of the provisioned multi-net policies
Must also update the direction of the ACL flows for egress:
- current direction for allow ACLs is `to-lport`
- `to-lport` is evaluated in the egress pipepine
- when ports are on different nodes, `to-lport` is evaluated in the dst node.
Definition of done:
- PRs implementing the above merged
- e2e tests asserting these work merged
Attachments
Issue Links
- links to