On Wed, Dec 11, 2019 at 1:21 PM Pavel Nakonechnyi <pavel(a)gremwell.com>
wrote:
Dear oVirt Community,
From my understanding oVirt does not support Open vSwitch IPSEC tunneling
for GENEVE traffic (which is described on pages
http://docs.openvswitch.org/en/latest/howto/ipsec/ and
http://docs.openvswitch.org/en/latest/tutorials/ipsec/).
Correct, currently this is not supported.
Are there plans to introduce such support? (or explicitly not to..)
The feature is tracked in
https://bugzilla.redhat.com/1782056
If you would comment on the bug about your use case and why the feature
would be helpful in your scenario, this might help to push the feature.
Is it possible to somehow manually configure such tunneling for
existing
virtual networks? (even in a limited way)
I would be interested to know, how far we are away from the flow described
in
http://docs.openvswitch.org/en/stable/tutorials/ovn-ipsec/ .
I expect that the openvswitch-ipsec package is missing. Any input on this
is welcome.
Alternatively, is it possible to deploy oVirt on top of the tunneled
(i.e.
via VXLAN, IPSec) interfaces? This will allow to encrypt all management
traffic.
Such requirement arises when using oVirt deployment on third-party
premises with untrusted network.
Thank in advance for any clarifications. :)
--
WBR, Pavel
+32478910884
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement:
https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PBLO4AQYZQQ...