[openstack-dev] Chalenges with highly available service VMs

Ian Wells ijw.ubuntu at cack.org.uk
Tue Jul 16 17:34:16 UTC 2013

On 10 July 2013 21:14, Vishvananda Ishaya <vishvananda at gmail.com> wrote:
>> It used to be essential back when we had nova-network and all tenants
>> ended up on one network.  It became less useful when tenants could
>> create their own networks and could use them as they saw fit.
>> It's still got its uses - for instance, it's nice that the metadata
>> server can be sure that a request is really coming from where it
>> claims - but I would very much like it to be possible to, as an
>> option, explicitly disable antispoof - perhaps on a per-network basis
>> at network creation time - and I think we could do this without
>> breaking the security model beyond all hope of usefulness.
> Per network and per port makes sense.
> After all, this is conceptually the same as enabling or disabling
> port security on your switch.

Bit late on the reply to this, but I think we should be specific on
the network, at least at creation time, on what disabling is allowed
at port level (default off, may be off, must be on as now).  Yes, it's
exactly like disabling port security, and you're not always the
administrator of your own switch; if we extend the analogy you
probably wouldn't necessarily want people turning antispoof off on an
explicitly shared-tenant network.

More information about the OpenStack-dev mailing list