There is no need to support this as the SG enforced are the ones of the
members, since the source IP does not change
** Changed in: neutron
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1949230
Title:
OVN Octavia provider driver should implement allowed_cidrs to enforce
security groups on LB ports
Status in neutron:
Invalid
Bug description:
Octavia can use OVN as a provider driver using it's driver framework.
The OVN Octavia provider driver, part of ML2/OVN, does not implement
all of the functionality of the Octavia API [1]. One feature that
should be supported is allowed_cidrs.
The Octavia allowed_cidrs functionality allows Octavia to manage and
communicate the CIDR blocks allowed to address an Octavia load
balancer. Implementing this in the OVN provider driver would allow
load balancers to be only accessible from specific CIDR blocks, a
requirement for customer security ina number of scenarios.
[1] https://docs.openstack.org/octavia/latest/user/feature-
classification/index.html#listener-api-features
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1949230/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
