Hello Benyamin:

I'm guessing from your mail that you are referring to Neutron security groups and you are using ML2/OVN. Any SG rule should be defined in Neutron, not in OVN directly. The Neutron SG rules are translated to ACLs and applied to a port group. If you are interested in how this is done, please check [1].

If you want to add any new functionality to the SG rules, you should create an LP bug [2] with an RFE. This RFE should be a high-level description of what you want to implement. Be aware that we have multiple mechanism drivers in-tree: LB, OVS and OVN. This feature should be compatible with all of them. The RFE can be discussed during the Neutron drivers meetings [3].

Regards.

[1] https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers...
[2] https://bugs.launchpad.net/neutron/
[3] https://meetings.opendev.org/#Neutron_drivers_Meeting

On Mon, Jan 22, 2024 at 3:41 PM benyamin sam khanyani <bsamkhaniyani@gmail.com> wrote:
Hi,
I am working on the security group and aim to extend its functionality by applying custom rules based on source and destination ports, arbitrary match criteria, actions, and so on. I did it by using ovn-nbctl commands and everything worked well. Unfortunately, the only issue is that I can not see my custom rules in MariaDB and I didn't find any other solution for defining security group rules with my desired options. So, I want to ask you how I can tackle this issue?
Regards, Benjamin Sam