Thanks for your comprehensive reply. I apply completely similar rules to what Neutron installs on OVN Northbound Database and I think it is compatible with LB, OVS, and OVN. I think the main issue is the sync mechanism between Neutron DB and OVN Northbound DB [1] (line 244). Clearly, it's not a bug but I think this function can be enhanced in order to support changes which can be defined directly in OVN Northbound DB. As there are a variety of functionalities in ovn-nbctl and ovn-sbctl command line tools, I believe that it could be beneficial.
[1] https://github.com/openstack/neutron/blob/dad8c3fecc4e97764a92f558d9df510fa2516877/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py

On Mon, 22 Jan 2024 at 18:31, Rodolfo Alonso Hernandez <ralonsoh@redhat.com> wrote:

Hello Benyamin:

I'm guessing from your mail that you are referring to Neutron security groups and you are using ML2/OVN. Any SG rule should be defined in Neutron, not in OVN directly. The Neutron SG rules are translated to ACLs and applied to a port group. If you are interested in how this is done, please check [1].

If you want to add any new functionality to the SG rules, you should create an LP bug [2] with an RFE. This RFE should be a high level description of what you want to implement. Be aware that we have multiple mechanism drivers in-tree: LB, OVS and OVN. This feature should be compatible with all of them. The RFE can be discussed during the Neutron drivers meetings [3].

Regards.

On Mon, Jan 22, 2024 at 3:41 PM benyamin sam khanyani <bsamkhaniyani@gmail.com> wrote:

Hi,

I am working on the security group and aim to extend its functionality by applying custom rules based on source and destination ports, arbitrary match criteria, actions, and so on. I did it by using ovn-nbctl commands and everything worked well. Unfortunately, the only issue is that I cannot see my custom rules in MariaDB and I didn't find any other solution for defining security group rules with my desired options. So, I want to ask you how I can tackle this issue?

Regards,
Benjamin Sam
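
The thread turns on the fact that Neutron security group rules become OVN ACLs on a port group, so an ACL written directly with ovn-nbctl has no counterpart in the Neutron database. As an added example (not code from the thread or from Neutron), this audit sorts Northbound ACL rows into those that match a Neutron rule, those that drifted, and those Neutron does not know about. The `neutron:security_group_rule_id` external_ids key, the `pg_<uuid>` naming and the IPv4-only translation are assumptions modelled on the ML2/OVN driver, and the sample rows are constructed.

```python
# Added example (not Neutron's code): classify OVN NB ACLs against Neutron SG rules.
SG_RULE_KEY = "neutron:security_group_rule_id"  # assumed external_ids key on Neutron-made ACLs

def port_group_name(sg_id):  # assumed naming: pg_<security group UUID, '-' replaced by '_'>
    return "pg_" + sg_id.replace("-", "_")

def expected_acl(rule):
    """Simplified IPv4-only translation of one SG rule into ACL fields."""
    ingress = rule["direction"] == "ingress"
    parts = [f"{'outport' if ingress else 'inport'} == @{port_group_name(rule['security_group_id'])}", "ip4"]
    if rule.get("remote_ip_prefix"):
        parts.append(f"ip4.{'src' if ingress else 'dst'} == {rule['remote_ip_prefix']}")
    proto, lo, hi = rule.get("protocol"), rule.get("port_range_min"), rule.get("port_range_max")
    if proto in ("tcp", "udp"):
        parts.append(proto)
        if lo is not None:
            parts.append(f"{proto}.dst == {lo}" if lo == hi
                         else f"{proto}.dst >= {lo} && {proto}.dst <= {hi}")
    return {"direction": "to-lport" if ingress else "from-lport",
            "action": "allow-related", "match": " && ".join(parts)}

def audit(neutron_rules, nb_acls):  # returns ACL matches grouped by sync state
    by_id = {r["id"]: r for r in neutron_rules}
    report = {"in_sync": [], "drifted": [], "orphaned": [], "unmanaged": []}
    for acl in nb_acls:
        rule_id = acl.get("external_ids", {}).get(SG_RULE_KEY)
        if rule_id is None:
            bucket = "unmanaged"   # no Neutron rule id: defined directly in the NB DB
        elif rule_id not in by_id:
            bucket = "orphaned"    # points at a rule the Neutron DB no longer has
        else:
            want = expected_acl(by_id[rule_id])
            bucket = "in_sync" if all(acl.get(k) == v for k, v in want.items()) else "drifted"
        report[bucket].append(acl["match"])
    return report

# Constructed sample data, not taken from a real deployment.
SG = "11111111-2222-3333-4444-555555555555"
PG = port_group_name(SG)
NEUTRON_RULES = [{"id": "rule-ssh", "security_group_id": SG, "direction": "ingress", "protocol": "tcp",
                  "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0"}]
NB_ACLS = [
    {"direction": "to-lport", "action": "allow-related", "external_ids": {SG_RULE_KEY: "rule-ssh"},
     "match": f"outport == @{PG} && ip4 && ip4.src == 0.0.0.0/0 && tcp && tcp.dst == 22"},
    {"direction": "to-lport", "action": "drop", "external_ids": {},
     "match": f"outport == @{PG} && tcp.src == 4444"},
    {"direction": "from-lport", "action": "allow-related", "external_ids": {SG_RULE_KEY: "rule-gone"},
     "match": f"inport == @{PG} && ip4"},
]
```

Calling `audit(NEUTRON_RULES, NB_ACLS)` puts the second row, the kind of rule created with ovn-nbctl, under `unmanaged`; that bucket is the set of rules that exist only in the Northbound DB.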