Loading...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: OVN Kubernetes
Labels:
- cnv-netsdn-wg

Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
ovn-k2-mac-spoofing
Feature Link:
CNV-51208 - MAC spoof filtering control with the localnet topology
Git Pull Request:
https://github.com/ovn-kubernetes/ovn-kubernetes/pull/4377
[QE] How to address?:
---
Intelligence Requested:
Market:

Cost of Delay:
0
WSJF:
0

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Allow users to connect to connect to the secondary OVN Kubernetes network from an arbitrary MAC.

We would need to introduce 3 different knobs (try to make them fit in the API ...):

opt-out of port security for their networks
allow traffic to unknown addresses
force_fdb_lookup which disables ARPs from being always sent to all LSPs connected to the OVS bridge

The first two knobs are required for L2 switched nested virtualization.

Opting out of port security achieves routed nested virtualization.

The last knob is a performance improvement, which will ensure the data-plane is less congested.

Assignee:: Unassigned

Reporter:: Miguel Duarte de Mora Barroso

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/01/27 12:40 PM

Updated:: 2025/01/27 12:40 PM