Re: [openstack-dev] [Neutron]One security issue about floating ip

2014-06-27 Thread shihanzhang
I think this problem also exists in security groups! At 2014-06-27 11:20:31, "stanzgy" wrote: I have filed this bug on nova https://bugs.launchpad.net/nova/+bug/1334938 On Fri, Jun 27, 2014 at 10:19 AM, Yongsheng Gong wrote: I have reported it on neutron project https://bugs.launchpad.

Re: [openstack-dev] [Neutron]One security issue about floating ip

2014-06-26 Thread stanzgy
I have filed this bug on nova https://bugs.launchpad.net/nova/+bug/1334938 On Fri, Jun 27, 2014 at 10:19 AM, Yongsheng Gong wrote: > I have reported it on neutron project > https://bugs.launchpad.net/neutron/+bug/1334926 > > > On Fri, Jun 27, 2014 at 5:07 AM, Vishvananda Ishaya > wrote: > >> I

Re: [openstack-dev] [Neutron]One security issue about floating ip

2014-06-26 Thread Yongsheng Gong
I have reported it on neutron project https://bugs.launchpad.net/neutron/+bug/1334926 On Fri, Jun 27, 2014 at 5:07 AM, Vishvananda Ishaya wrote: > I missed that going in, but it appears that clean_conntrack is not done on > disassociate, just during migration. It sounds like we should remove th

Re: [openstack-dev] [Neutron]One security issue about floating ip

2014-06-26 Thread Vishvananda Ishaya
I missed that going in, but it appears that clean_conntrack is not done on disassociate, just during migration. It sounds like we should remove the explicit call in migrate, and just always call it from remove_floating_ip. Vish On Jun 26, 2014, at 1:48 PM, Brian Haley wrote: > Signed PGP part >

Re: [openstack-dev] [Neutron]One security issue about floating ip

2014-06-26 Thread Brian Haley
I believe nova-network does this by using 'conntrack -D -r $fixed_ip' when the floating IP goes away (search for clean_conntrack); Neutron doesn't when it removes the floating IP. Seems like it's possible to close most of that gap in the l3-agent - wh

Re: [openstack-dev] [Neutron]One security issue about floating ip

2014-06-26 Thread Carl Baldwin
There is a bit more to it. The floating ip was dissociated which means it should have been removed from the gateway device. How long did the connection stay up? Was this a matter of the l3 agent getting a little behind and not processing the update for a while? Can you confirm that the floating

Re: [openstack-dev] [Neutron]One security issue about floating ip

2014-06-26 Thread Vishvananda Ishaya
I believe this will affect nova-network as well. We probably should use something like the linux cutter utility to kill any ongoing connections after we remove the nat rule. Vish On Jun 25, 2014, at 8:18 PM, Xurong Yang wrote: > Hi folks, > > After we create an SSH connection to a VM via its

Re: [openstack-dev] [Neutron]One security issue about floating ip

2014-06-26 Thread Clark, Robert Graham
It's kinda ugly, if a user through API/Horizon thinks they've isolated a host, it should be isolated… I smell an OSSN here... On 26/06/2014 17:57, "Miguel Angel Ajo Pelayo" wrote: >Yes, once a connection has past the nat tables, >and it's on the kernel connection tracker, it >will keep working

Re: [openstack-dev] [Neutron]One security issue about floating ip

2014-06-26 Thread Miguel Angel Ajo Pelayo
Yes, once a connection has passed the nat tables, and it's on the kernel connection tracker, it will keep working even if you remove the nat rule. Doing that would require manipulating the kernel connection tracking to kill that connection, I'm not familiar with that part of the linux network stac

[openstack-dev] [Neutron]One security issue about floating ip

2014-06-25 Thread Xurong Yang
Hi folks, After we create an SSH connection to a VM via its floating ip, even though we have removed the floating ip association, we can still access the VM via that connection. Namely, SSH is not disconnected when the floating ip is no longer valid. Any good solution for this security issue? Thanks