[openstack-dev] Fwd: Challenges with highly available service VMs

Ian Wells ijw.ubuntu at cack.org.uk
Fri Jul 5 03:26:09 UTC 2013

On 4 July 2013 23:42, Robert Collins <robertc at robertcollins.net> wrote:
> Seems like a tweak would be to identify virtual IPs as separate to the
> primary IP on a port:
>  you don't need to permit spoofing of the actual host IP for each host in
> the HA cluster; you just need to permit spoofing of the virtual IP. This
> would be safer than disabling the spoofing rules, and avoid configuration
> errors such as setting the primary IP of one node in the cluster to be a
> virtual IP on another node - neutron would reject that as the primary IP
> would be known as that.

With apologies for diverting the topic somewhat, but for the use cases
I have, I would actually like to be able to disable the antispoofing
in its entirety.

It used to be essential back when we had nova-network and all tenants
ended up on one network.  It became less useful when tenants could
create their own networks and could use them as they saw fit.

It's still got its uses - for instance, it's nice that the metadata
server can be sure that a request is really coming from where it
claims - but I would very much like it to be possible to, as an
option, explicitly disable antispoof - perhaps on a per-network basis
at network creation time - and I think we could do this without
breaking the security model beyond all hope of usefulness.
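
The two ideas in this thread, modelled as an added example that is not part of the original message and is not Neutron code: a per-port virtual-IP allowance that refuses another port's primary IP, and a per-network antispoof switch set at creation time. The `Port` and `Network` classes, their methods and the addresses are all hypothetical.

```python
# Hypothetical model for illustration only; none of these names are Neutron APIs.
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class Port:
    primary_ip: str
    virtual_ips: set = field(default_factory=set)


@dataclass
class Network:
    antispoof: bool = True  # per-network option, chosen at creation time
    ports: dict = field(default_factory=dict)

    def add_port(self, name, primary_ip):
        ip = str(ip_address(primary_ip))  # ValueError on a malformed address
        if any(ip == p.primary_ip for p in self.ports.values()):
            raise ValueError(f"{ip} is already a primary IP on this network")
        self.ports[name] = Port(ip)

    def allow_virtual_ip(self, name, vip):
        ip = str(ip_address(vip))
        # Several ports may share one virtual IP, but a virtual IP must never
        # be the primary IP of any port on the network.
        for other_name, other in self.ports.items():
            if ip == other.primary_ip:
                raise ValueError(f"{ip} is the primary IP of port {other_name}")
        self.ports[name].virtual_ips.add(ip)

    def source_permitted(self, name, src_ip):
        if not self.antispoof:
            return True  # filtering disabled for the whole network
        port = self.ports[name]
        ip = str(ip_address(src_ip))
        return ip == port.primary_ip or ip in port.virtual_ips


def demo_network():
    # Constructed sample data (RFC 5737 documentation addresses).
    net = Network()
    net.add_port("node-a", "192.0.2.10")
    net.add_port("node-b", "192.0.2.11")
    for node in ("node-a", "node-b"):
        net.allow_virtual_ip(node, "192.0.2.100")  # shared HA address
    return net
```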

