In order to support tracing of network traffic across an OpenStack deployment, logging of traffic traversing virtual routers on neutron-gateway/neutron-openvswitch units is required to have a complete picture of source -> firewall/router -> target network flows.
The FWaaS v2 driver supports a _log extension that is configured in the same way as the Neutron Security Group Log driver (which the charms already support).
Please add support for fwaas_v2_log for OpenStack Queens or later.
This is somewhat complicated by the fact that fwaas_v2 is only available in the charms from stein onward; a new configuration option needs to be added to the neutron-api charm to support configuration of the version of the fwaas driver is to be used, along with a new configuration option to enable the log extension.
No migration path exists before stein from v1/v2 so if fwaas is already in use in Queens and Rocky deployments, the log feature will not be supportable.
In order to support tracing of network traffic across an OpenStack deployment, logging of traffic traversing virtual routers on neutron- gateway/ neutron- openvswitch units is required to have a complete picture of source -> firewall/router -> target network flows.
The FWaaS v2 driver supports a _log extension that is configured in the same way as the Neutron Security Group Log driver (which the charms already support).
Please add support for fwaas_v2_log for OpenStack Queens or later.
This is somewhat complicated by the fact that fwaas_v2 is only available in the charms from stein onward; a new configuration option needs to be added to the neutron-api charm to support configuration of the version of the fwaas driver is to be used, along with a new configuration option to enable the log extension.
fwaas-version: 1|2 fwaas-v2- logggin: true|false
enable-
No migration path exists before stein from v1/v2 so if fwaas is already in use in Queens and Rocky deployments, the log feature will not be supportable.