On Wed, Dec 11, 2019 at 1:21 PM Pavel Nakonechnyi <pavel@gremwell.com> wrote:
Dear oVirt Community,

From my understanding oVirt does not support Open vSwitch IPSEC tunneling for GENEVE traffic (which is described on pages http://docs.openvswitch.org/en/latest/howto/ipsec/ and http://docs.openvswitch.org/en/latest/tutorials/ipsec/).

Correct, currently this is not supported.
Are there plans to introduce such support? (or explicitly not to..)

The feature is tracked in

If you would comment on the bug about your use case and why the feature would be helpful in your scenario, this might help to push the feature.
Is it possible to somehow manually configure such tunneling for existing virtual networks? (even in a limited way)

I would be interested to know, how far we are away from the flow described in
http://docs.openvswitch.org/en/stable/tutorials/ovn-ipsec/ .
I expect that the openvswitch-ipsec package is missing. Any input on this is welcome.
Alternatively, is it possible to deploy oVirt on top of the tunneled (i.e. via VXLAN, IPSec) interfaces? This will allow to encrypt all management traffic.

Such requirement arises when using oVirt deployment on third-party premises with untrusted network.

Thank in advance for any clarifications. :)

WBR, Pavel

Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PBLO4AQYZQQM2PO5IIFHEFJHPR6DZR63/