Enhancement: OVN secondary network should have the possibility to disable mac spoof check #3926
Comments
This should be easy to add. We have it downstream. @cathy-zhou can you PTAL?
From my tests, it is also needed to set "Addresses" to unknown.
The way we support it downstream is to add a particular annotation in the net-attach-def to indicate that on this particular network, spoofcheck is disabled.
o/ could you elaborate on the design choice @cathy-zhou? I.e. why have this as a per-network attribute rather than per pod attachment? Like ... assume everything connected to a network like this is "unsafe"?
Do we have any new information about this?
I've been thinking again about this; it could make sense, and if the setting is done per network - and defaulted to having MAC spoofing - I am OK with it.
Thanks for the update, I will work on implementing it and create a PR if you agree.
Yes, we are OK to support this. Seems like NAD is a natural place for the setting to live. Perhaps when we move NAD creation to a CRD it should be a field there.
Using `bridge` for a secondary network allows specifying `macspoofchk` to enable or disable the MAC spoofing check.
It would be useful for the OVN secondary network to have the same feature. I think a simple condition can be added here:
ovn-kubernetes/go-controller/pkg/ovn/base_network_controller_pods.go
Line 563 in c463cea
Use case: nested virtualization