Comment 2 for bug 1262450

vncserver_listen=127.0.0.1 by itself is not sufficient, you have to have something running on all compute nodes and forwarding vnc connections from the management network to local loopback. It is a way to make things work, but it's even less efficient than setting vncserver_listen=0.0.0.0 and firewalling off non-management networks with iptables. Fixing this in Nova would allow to get rid of such unnecessarily complex workarounds.