Bug 1898615

Summary: [RFE] Enable IPSec for OVN
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Dominik Holler <dholler>
Component: ovn2.13Assignee: OVN Team <ovnteam>
Status: CLOSED CURRENTRELEASE QA Contact: ying xu <yinxu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: FDP 19.ECC: amusil, ctrautma, dcbw, jhsiao, jiji, jishi, mark.d.gray, mburman, qding, ralongi, tredaelli, yinxu
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-25 18:06:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1782141    
Bug Blocks: 1782056    

Description Dominik Holler 2020-11-17 16:26:54 UTC 
Description of problem:
Enable OVNs support of IPSec encryption of the tunnels.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. http://docs.openvswitch.org/en/stable/tutorials/ovn-ipsec/
2.
3.

Actual results:
openvswitch-ipsec is missing

Expected results:
All required software to use encrypted tunnels are available for RHV.

Additional info:
Comment 1 Mark Gray 2020-11-30 14:21:49 UTC 
With regards to testing for this feature, the following tutorial gives a detailed description of test set-up: https://docs.openvswitch.org/en/latest/tutorials/ipsec/.

* There are three authentication methods, we should probably test all three but "Using CA-signed certificate" is the priority.
* This can be used with a number of tunnel types, we should probably test at least "vxlan" and "geneve" but maybe others.

As this openvswitch package will enable OVN IPsec to work, we may also have to validate that. Instructions for setup can be found here: https://docs.ovn.org/en/latest/tutorials/ovn-ipsec.html
Comment 2 Dan Williams 2021-05-04 14:26:34 UTC 
What's left to do for this bug?
Comment 3 Dan Williams 2021-05-25 18:06:27 UTC 
Based on the IPsec improvements in the 21.03 and 21.06 cycles, I'm closing this bug as CURRENTRELEASE. Please re-open if you find something specific that's not yet implemented. Thanks!