[nova][neutron][deployment-projects] Re secbug #1734320

Tobias Urdin tobias.urdin at binero.com
Tue Aug 3 21:54:52 UTC 2021


Hello,

Seems like there was no feedback here or did you figure anything out?
I’m also very interested in the recommended approach to this.

Best regards

> On 18 Jun 2021, at 18:12, Radosław Piliszek <radoslaw.piliszek at gmail.com> wrote:
> 
> Hello Folks!
> 
> I am writing this because a recent patch proposed to DevStack [1]
> mentioned "when using ml2/ovs vif isolation should always be used to
> prevent cross tenant traffic during a live migration" which is related
> to secbug #1734320 "Eavesdropping private traffic" [2].
> However, I've found that none of the publicly-available deployment
> projects seem to be using ``isolate_vif``. [3] [4]
> Should this be corrected?
> 
> PS: I used the deployment-projects tag as a collective tag to avoid
> mentioning all the projects (as it is too long to write :-) ). I hope
> that relevant people see this if need be or someone passes the
> information to them. For now, I am curious whether this should
> actually be enforced by default with ML2/OVS.
> 
> [1] https://review.opendev.org/c/openstack/devstack/+/796826
> [2] https://bugs.launchpad.net/neutron/+bug/1734320
> [3] https://codesearch.opendev.org/?q=%5Cbisolate_vif%5Cb&i=nope&files=&excludeFiles=&repos=
> [4] https://github.com/search?p=1&q=isolate_vif&type=Code
> 
> -yoctozepto
> 


