Hello, Seems like there was no feedback here or did you figure anything out? I’m also very interested in the recommend approach to this. Best regards > On 18 Jun 2021, at 18:12, Radosław Piliszek <radoslaw.piliszek at gmail.com> wrote: > > Hello Folks! > > I am writing this because a recent patch proposed to DevStack [1] > mentioned "when using ml2/ovs vif isolation should always be used to > prevent cross tenant traffic during a live migration" which is related > to secbug #1734320 "Eavesdropping private traffic" [2]. > However, I've found that none of the publicly-available deployment > projects seem to be using ``isolate_vif``. [3] [4] > Should this be corrected? > > PS: I used the deployment-projects tag as a collective tag to avoid > mentioning all the projects (as it is too long to write :-) ). I hope > that relevant people see this if need be or someone passes the > information to them. For now, I am curious whether this should > actually be enforced by default with ML2/OVS. > > [1] https://review.opendev.org/c/openstack/devstack/+/796826 > [2] https://bugs.launchpad.net/neutron/+bug/1734320 > [3] https://codesearch.opendev.org/?q=%5Cbisolate_vif%5Cb&i=nope&files=&excludeFiles=&repos= > [4] https://github.com/search?p=1&q=isolate_vif&type=Code > > -yoctozepto >