9f09b1fb19
Support security group rules with remote_address_group_id in openvswitch firewall. This change reuses most of the firewall functions handling remote security groups to also process remote address groups. The conjunctive flows for a rule with remote_adress_group_id are similar to others with remote_group_id but have different conj_ids. Change-Id: I8c69e62ba56b0d3204e9c12df3133126071b92f7 Implements: blueprint address-groups-in-sg-rules
13 lines
648 B
YAML
13 lines
648 B
YAML
---
|
|
features:
|
|
- |
|
|
A new API resource ``address group`` and its CRUD operations are introduced
|
|
to represent a group of IPv4 and IPv6 address blocks. A new option
|
|
``--remote-address-group`` is added to the ``security group rule create``
|
|
command to allow network connectivity with a group of address blocks. And
|
|
the backend support is added to the ``openvswitch`` firewall. When IP
|
|
addresses are updated in the address groups, changes will also be reflected
|
|
in the firewall rules of the associated security group rules.
|
|
For more information, see RFE:
|
|
`1592028 <https://bugs.launchpad.net/neutron/+bug/1592028>`_
|