[RFE]need a way to disable anti-spoofing rules and yet keep security groups
Bug #1633280 reported by
Rui Zang
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Expired
|
Wishlist
|
Unassigned |
Bug Description
Basically all NFV use-cases would require this split. The current approach for NFV is to turn things off and have the VNFs protect themselves rather than the infra-structure supports security. Even in simple deployments, like cloud bursting, you'll need to be able to allow the customer to control his addressing. The customer might want to do so by having the router (which does the IPSEC tunnel termination) either use ICMP RA (in case of v6/SLAAC) or DHCP (v4/v6) to control addressing - as opposed to have openstack control the addressing. In this case, the VNF only deals with addressing but it has to protect itself without security groups.
Changed in neutron: | |
assignee: | nobody → Rui Zang (rui-zang) |
tags: | added: rfe |
summary: |
- need a way to disable anti-spoofing rules and yet keep security groups + [RFE]need a way to disable anti-spoofing rules and yet keep security + groups |
Changed in neutron: | |
status: | Incomplete → New |
Changed in neutron: | |
status: | New → Opinion |
Changed in neutron: | |
status: | Triaged → Incomplete |
To post a comment you must log in.
Can you please add [RFE] in the title and add reproduction steps of the current approach?