[openstack-dev] oaktree - a friendly end-user oriented API layer - anybody want to help?
Jeremy Stanley
fungi at yuggoth.org
Mon Nov 21 21:54:13 UTC 2016
On 2016-11-21 15:12:45 -0500 (-0500), Zane Bitter wrote:
[...]
> (Also, the point of floating IPs with access to only the control plane is
> not so instances can access the control plane; it's so that the control
> plane can access the instances without everyone on the internet - or
> whatever other external network you might connect to - necessarily being
> able to do the same.)
[...]
Probably just my knee jerking over what seems like yet another
gratuitously unnecessary use of NAT here, but why not simply use
packet filtering (and if necessary, additional virtual NICs)?
--
Jeremy Stanley
More information about the OpenStack-dev
mailing list