[openstack-dev] Bulk creation/deletion of floating IPs

Christopher Yeoh cyeoh at au1.ibm.com
Mon Oct 29 21:57:27 UTC 2012


Hi,

I've been working on implementing the bulk creation/deletion of floating
IPs. I've moved over the nova-manage implementation which has been a
pretty straightforward process, but noticed that if you do something
with the original nova-manage command like:

nova-manage delete 10.0.0.0/8

it not so unexpectedly takes a very long time. Not so much a problem
if you do it via nova-manage, but would I think be an issue for the API
server.

The underlying db calls floating_ip_bulk_create/destroy just
take lists of IPs, but in the context of deletion/creation with the way
IPs are stored in the db I'm not sure that can really be optimised
anyway.

So I think as it currently is implemented there is a denial of service
issue. Any suggestions on what the right approach to this is? 

E.g. if, as I think, it's not possible to optimise large creation/deletes
then is it ok if only admin users can access the API and that they
should know better than to do this in the first place?

Or should I attempt to simply reject any requests where there are too
many IPs being deleted/created at one time? (e.g. /24 as the biggest bulk
request?)

Regards,

Chris
-- 
cyeoh at au.ibm.com
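
The size cap raised in the last question, sketched as an added example (not part of the original post and not Nova's code): the request is rejected from the prefix length alone, before any address is expanded or handed to the database layer. The names `parse_bulk_range`, `expand_bulk_range`, `BulkRangeTooLarge` and the 256-address limit are assumptions for illustration.

```python
import ipaddress

MAX_BULK_ADDRESSES = 256  # assumed limit: the /24 ceiling floated in the post


class BulkRangeTooLarge(ValueError):
    """Raised when a bulk request covers more addresses than the cap allows."""


def parse_bulk_range(ip_range, max_addresses=MAX_BULK_ADDRESSES):
    """Validate a CIDR (or single IP) and enforce the cap without expanding it."""
    try:
        # strict=False accepts host bits set, e.g. 10.0.0.17/28 -> 10.0.0.16/28
        net = ipaddress.ip_network(ip_range.strip(), strict=False)
    except (ValueError, AttributeError) as exc:
        raise ValueError("invalid IP range: %r" % (ip_range,)) from exc
    # num_addresses is derived from the prefix length, so this check is O(1)
    # even for 10.0.0.0/8 (16,777,216 addresses) or an IPv6 /64.
    if net.num_addresses > max_addresses:
        raise BulkRangeTooLarge(
            "%s covers %d addresses; limit is %d per request"
            % (net, net.num_addresses, max_addresses))
    return net


def expand_bulk_range(ip_range, max_addresses=MAX_BULK_ADDRESSES):
    """Return the address list for the DB layer, only after the cap has passed."""
    net = parse_bulk_range(ip_range, max_addresses)
    return [str(addr) for addr in net]


if __name__ == "__main__":
    # Constructed sample requests, not taken from a real deployment.
    for req in ["10.0.0.0/24", "10.0.0.17/28", "10.0.0.5",
                "10.0.0.0/8", "2001:db8::/64", "not-a-range"]:
        try:
            print("%-14s accepted, %d addresses" % (req, len(expand_bulk_range(req))))
        except BulkRangeTooLarge as exc:
            print("%-14s rejected: %s" % (req, exc))
        except ValueError as exc:
            print("%-14s malformed: %s" % (req, exc))
```

Capping on address count rather than on a fixed prefix length lets the same check cover IPv4 and IPv6 ranges.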