[Openstack] Could s/o clarify if DHCP and L3 agents must be on different hosts if namespaces are disabled ?

Sylvain Bauza sylvain.bauza at digimind.com
Thu Mar 21 08:18:01 UTC 2013

Previous message: [Openstack] Could s/o clarify if DHCP and L3 agents *must* be on different hosts if namespaces are disabled ?
Next message: [Openstack] Could s/o clarify if DHCP and L3 agents *must* be on different hosts if namespaces are disabled ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Gary,

Le 20/03/2013 17:26, Gary Kotton a écrit :
> Yes, this works. The problem is ensuring the network isolation. That
> is, someone can make changes in the routing table on the host which
> will enable one to gain access to the quantum networks. That is why we
> suggest that they run on different hosts. We have a review that is
> open to enable one to enforce this when the agents starts (this is
> disabled by default to ensure backward compatability and to enable one
> to run an all in one setup - for proof of concepts and testing)
>

Damn, makes sense. Once you explain this, the reasons are clear.
>
>>
>> So, am I wrong ? What is the terrible thing which could happe in a
>> next few days if still keeping my environment as it is ?
>
> No, it is not terrible at all.

Great, my mind feels lighter ;-)

Previous message: [Openstack] Could s/o clarify if DHCP and L3 agents *must* be on different hosts if namespaces are disabled ?
Next message: [Openstack] Could s/o clarify if DHCP and L3 agents *must* be on different hosts if namespaces are disabled ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Openstack mailing list