<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
<div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
<font size="2" class="">Hey all,</font>
<div class=""><font size="2" class=""><br class="">
</font></div>
<div class=""><font size="2" class="">Glad to see someone actually having trove in production and giving feedback to the community, thanks for doing that BTW. </font></div>
<div class=""><font size="2" class=""><br class="">
</font></div>
<div class=""><font size="2" class="">IIRC, back in 2017, we had a remote discussion during PTG, and we were planning to adopt octavia solution, @huntxu drafted a specs <a href="https://review.openstack.org/#/c/553679/" class="">https://review.openstack.org/#/c/553679/</a>,
but as far as I know, he will not continue this work in the future. </font></div>
<div class="">
<div class="">
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<font size="2" class=""><br class="Apple-interchange-newline">
Best Wishes.</font></div>
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<font size="2" class=""><br class="">
</font></div>
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<font size="2" class="">Fan Zhang</font></div>
</div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">On Jan 23, 2019, at 09:04, Zane Bitter <<a href="mailto:zbitter@redhat.com" class="">zbitter@redhat.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">On
23/01/19 9:09 AM, Darek Król wrote:</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">
<blockquote type="cite" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">
On Tue, Jan 22, 2019 at 07:29:25PM +1300, Zane Bitter wrote:<br class="">
<blockquote type="cite" class="">Last time I heard (which was probably mid-2017), the Trove team had<br class="">
implemented encryption for messages on the RabbitMQ bus. IIUC each DB being<br class="">
managed had its own encryption keys, so that would theoretically prevent<br class="">
both snooping and spoofing of messages. That's the good news.<br class="">
<br class="">
The bad news is that AFAIK it's still using a shared RabbitMQ bus, so<br class="">
attacks like denial of service are still possible if you can extract the<br class="">
shared credentials from the VM. Not sure about replay attacks; I haven't<br class="">
actually investigated the implementation.<br class="">
<br class="">
cheers,<br class="">
Zane.<br class="">
</blockquote>
<blockquote type="cite" class="">Excellent - many thanks for the confirmation.<br class="">
<br class="">
Cheers,<br class="">
Michael<br class="">
</blockquote>
Hello Michael and Zane,<br class="">
sorry for the late reply.<br class="">
I believe Zane is referring to a video from 2017 [0].<br class="">
Yes, messages from trove instances are encrypted and the keys are kept<br class="">
in Trove DB. It is still a shared message bus, but it can be a message<br class="">
bus dedicated for Trove only and separated from message bus shared by<br class="">
other Openstack services.<br class="">
DDOS attacks are also mentioned in the video as a potential threat but<br class="">
there is very little details and possible solutions.<br class="">
</blockquote>
<br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">
<span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Yes,
in fact that was me asking the question in that video :)</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">
<br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">
<blockquote type="cite" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">
Recently we had<br class="">
some internal discussion about this threat within Trove team. Maybe we<br class="">
could user Rabbitmq mechanisms for flow control mentioned in [1,2,3] ?<br class="">
Another point, I'm wondering if this is a problem only in Trove or is<br class="">
it something other services would be interesting in also ?<br class="">
Best,<br class="">
Darek<br class="">
[0] <a href="https://youtu.be/dzvcKlt3Lx8" class="">https://youtu.be/dzvcKlt3Lx8</a><br class="">
[1] <a href="https://www.rabbitmq.com/flow-control.html" class="">https://www.rabbitmq.com/flow-control.html</a><br class="">
[2] <a href="http://www.rabbitmq.com/blog/2012/04/17/rabbitmq-performance-measurements-part-1/" class="">
http://www.rabbitmq.com/blog/2012/04/17/rabbitmq-performance-measurements-part-1/</a><br class="">
[3] <a href="https://tech.labs.oliverwyman.com/blog/2013/08/31/controlling-fast-producers-in-a-rabbit-as-a-service/" class="">
https://tech.labs.oliverwyman.com/blog/2013/08/31/controlling-fast-producers-in-a-rabbit-as-a-service/</a></blockquote>
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</body>
</html>