yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1633280] Re: [RFE]need a way to disable anti-spoofing rules and yet keep security groups

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Anindita Das <anindita.das@xxxxxxxxx>
Date: Wed, 19 Oct 2016 16:43:55 -0000
Reply-to: Bug 1633280 <1633280@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: neutron
       Status: New => Opinion

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1633280

Title:
  [RFE]need a way to disable anti-spoofing rules and yet keep security
  groups

Status in neutron:
  Opinion

Bug description:
  Basically all NFV use-cases would require this split. The current
  approach for NFV is to turn things off and have the VNFs protect
  themselves rather than the infra-structure supports security.  Even in
  simple deployments, like cloud bursting, you'll need to be able to
  allow the customer to control his addressing. The customer might want
  to do so by having the router (which does the IPSEC tunnel
  termination) either use ICMP RA (in case of v6/SLAAC) or DHCP (v4/v6)
  to control addressing - as opposed to have openstack control the
  addressing. In this case, the VNF only deals with addressing but it
  has to protect itself without security groups.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1633280/+subscriptions

References

[Bug 1633280] [NEW] need a way to disable anti-spoofing rules and yet keep security groups
From: Rui Zang, 2016-10-14