[Ussuri][neutron] How to accomplish what allow_same_net_traffic did

Eugen Block eblock at nde.ag
Tue May 4 07:40:31 UTC 2021


Hi *,

I was wondering how other operators deal with this. Our cloud started
somewhere in the Kilo or Liberty version, and in older versions the option
allow_same_net_traffic allowed us to control whether instances in our
shared network could connect to each other between different projects.
That option worked for us but is now deprecated and the Pike release
notes [1] state:

> Given that there are other better documented and better tested ways
> to approach this, such as through use of neutron’s native port
> filtering or security groups, this functionality has been removed.
> Users should instead rely on one of these alternatives.

Does that mean all security groups need to be changed in a way that  
this specific shared network is not reachable? That would be a lot of  
work if you have many projects. Is there any easier way?

Regards,
Eugen

[1] https://docs.openstack.org/releasenotes/nova/pike.html



