Hi Kees,

It's not possible to update the rules of the SG at the moment.
Some contributors are working on a feature that would allow ICMP echo requests on the VIP of a load balancer:
910963: Config option to allow ICMP echo requests on VIP | https://review.opendev.org/c/openstack/octavia/+/910963

Customizing the SG of the VIP port is also a feature that has been requested on numerous occasions, we will discuss it during the next PTG in April.

Regards,
Greg

On Wed, Mar 13, 2024 at 3:09 PM Kees Meijs | Nefos <keesm@nefos.nl> wrote:
Hello list,

When creating a new load balancer using Octavia, I noticed the VIP network port gets assigned a dynamic created Security Group.

The Security Group does not contain a rule allowing ICMP, therefore the VIP not being "pingable". Other than harder diagnostics, it could pose PMTU issues and such.

Is it maybe possible to either just enable ICMP, or maybe template the dynamic Security Groups?

Thanks in advance!

Cheers,
Kees