[RFE][fwaas][OVN]support l3 firewall for ovn driver

Bug #1971958 reported by Liu Xie

Bug Description

As the neutron-fwaas project is being maintained again, and OVN has become one of the main drivers for the neutron project, maybe we could implement an L3 firewall for the OVN driver.

Liu Xie (liushy)
tags: added: fwaas
tags: added: rfe
Lajos Katona (lajos-katona) wrote :

We discussed this RFE during the drivers meeting (see [1]) and agreed that this is a good idea, but we would like you to add some extra details and the exact goals to have clear direction and see if it is possible with OVN.

[1]: https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-05-13-14.01.log.html#l-14

tags: added: rfe-approved
Lajos Katona (lajos-katona) wrote :

I created a blueprint for this RFE:

Please reference the blueprint also in your commit messages, not only this RFE, example:
Partially-Implements: blueprint support-l3-firewall-for-ovn-driver

Changed in neutron:
status: New → Triaged
Liu Xie (liushy) wrote :

I have tested L3 ACLs with the OVN backend. It works fine when putting any stateless ACLs for the LRP which is the gateway of the subnet.
So we could implement a driver with the OVN backend by transforming firewall rules into stateless ACLs for the LRP.
Does anyone have other opinions?
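
An added sketch of the rule-to-ACL translation proposed in the comment above; it is not code from this thread or from neutron-fwaas. The rule keys follow the FWaaS v2 API and the match strings use OVN ACL syntax, while `BASE_PRIORITY`, the helper names, and the choice to leave out where the ACL is attached are assumptions of this example.

```python
# Added sketch, not neutron-fwaas code. Rule keys follow the FWaaS v2 API;
# BASE_PRIORITY and the helper names are assumptions made for this example.
ACTIONS = {"allow": "allow-stateless", "deny": "drop", "reject": "reject"}
BASE_PRIORITY = 2000  # assumed; OVN ACL priorities range from 0 to 32767


def port_match(field, spec):
    """Turn an FWaaS port spec ("53" or "8000:8080") into an OVN match term."""
    lo, _, hi = str(spec).partition(":")
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    if lo == hi:
        return f"{field} == {lo}"
    return f"{field} >= {lo} && {field} <= {hi}"


def rule_to_match(rule):
    """Build the OVN ACL match expression for one firewall rule."""
    ipv = "ip4" if rule.get("ip_version", 4) == 4 else "ip6"
    parts = [ipv]
    for key, side in (("source_ip_address", "src"),
                      ("destination_ip_address", "dst")):
        if rule.get(key):
            parts.append(f"{ipv}.{side} == {rule[key]}")
    proto = rule.get("protocol")
    if proto in ("tcp", "udp"):
        parts.append(proto)
        for key, side in (("source_port", "src"), ("destination_port", "dst")):
            if rule.get(key):
                parts.append(port_match(f"{proto}.{side}", rule[key]))
    elif proto == "icmp":
        parts.append("icmp4" if ipv == "ip4" else "icmp6")
    elif proto is not None:
        # Fail closed: an unknown protocol must not widen the rule to "any".
        raise ValueError(f"unsupported protocol: {proto!r}")
    return " && ".join(parts)


def policy_to_acls(rules):
    """Map an ordered policy to (priority, match, action) tuples."""
    enabled = [r for r in rules if r.get("enabled", True)]
    # Earlier rules get higher priority, preserving first-match-wins order.
    acls = [(BASE_PRIORITY - i, rule_to_match(r), ACTIONS[r["action"]])
            for i, r in enumerate(enabled)]
    # Stateless ACLs skip conntrack, so reply traffic needs its own rule;
    # everything unmatched hits this catch-all, like FWaaS's implicit deny.
    acls.append((BASE_PRIORITY - len(enabled), "ip", "drop"))
    return acls
```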

ZhouHeng (zhouhenglc) wrote :

Is it only effective in the gateway subnet? What about the internal subnet interface?

Liu Xie (liushy) wrote :

We tested it using the gateway port of an internal subnet.

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron-fwaas (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron-fwaas/+/845756

Liu Xie (liushy)
Changed in neutron:
assignee: nobody → Liu Xie (liushy)