yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1373868] Re: Should we allow all networks use allowed address pairs?

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Eugene Nikanorov <enikanorov@xxxxxxxxxxxx>
Date: Sun, 28 Sep 2014 11:18:53 -0000
Reply-to: Bug 1373868 <1373868@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Neutron already has max_allowed_address_pair configuration value in neutron conf. 
The default limit is 10. However it's not related to shared networks and is a limitation per one port.

I think it worth reaching out to openstack-dev mailing list and starting
a thread about this and then file a bug based on discussion.

Marking as invalid

** Changed in: neutron
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1373868

Title:
  Should we allow all networks use allowed address pairs?

Status in OpenStack Neutron (virtual network service):
  Invalid

Bug description:
  Now we can add allowed address pair to every net's port if allowed
  address pair is enable.

  This will cause security problem in a shared network, I think.

  So we should add an limit for shared net or add a config entry in neutron.conf, so administrator
  can disables some net's ports' allowed address pairs.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1373868/+subscriptions

References

[Bug 1373868] [NEW] Should we alow all network can use allowed address pairs?
From: Wei Wang, 2014-09-25