Re: [Xen-API] CP-3477: Make xapi listen on all dom0 IP addresses
On Fri, Jun 21, 2013 at 4:05 PM, Rob Hoes <Rob.Hoes@xxxxxxxxxx> wrote:
Thanks for replying.
I've explained the threat below, but before that, I see 0.0.0.0 as a good sign for VM live migration.
xe vm-migrate is forced to use the management network only for live migration, but now that XAPI works on 0.0.0.0, can we have the network as a parameter to it so that we can decide on the fastest available way? VM RAM is getting bigger day by day :)
On many of our hosts, we need to use a routed network for the guests. These guests have their gateway as the host, which is exposed to the internet.
Since adding a routed gateway is done by the admins on the fly (which sometimes requires alterations to iptables), it is a threat to rely on iptables always being correct and intact for management. Our management tools talk to XAPI on 80 (rrd) & 443 (mgmt), which I felt was safe, as no guest could sniff it even in promiscuous mode. Guests carry internet traffic as well as DoS attacks, which can't be trusted.
Maybe you can shed some light on it.
_______________________________________________ Xen-api mailing list Xen-api@xxxxxxxxxxxxx http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api
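Added example, not part of the original message or of xapi: a small audit that reads socket tables in `/proc/net/tcp` format and reports listeners on ports 80 and 443 that are bound to anything other than the management address, which is the exposure the message is concerned about when iptables cannot be relied on. The management IP `10.0.0.5`, the function names and the sample table are assumptions constructed for illustration.

```python
import socket
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
# Rows: wildcard:80, 10.0.0.5:443, 127.0.0.1:22 (all LISTEN), one ESTABLISHED.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0500000A:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0500000A:01BB 0700000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""


def parse_listeners(text):
    """Return (ip, port) for every IPv4 socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The address is a 32-bit value printed in host byte order
        # (little-endian on x86); the port is plain hexadecimal.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16)))
    return listeners


def exposed(listeners, mgmt_ip, ports=(80, 443)):
    """Listeners on `ports` bound to something other than mgmt_ip or loopback.

    A 0.0.0.0 bind is reported: it accepts connections on every dom0
    address, including interfaces that face guest networks.
    """
    return [(ip, port) for ip, port in listeners
            if port in ports and ip not in (mgmt_ip, "127.0.0.1")]


if __name__ == "__main__":
    # On a live host, read /proc/net/tcp instead of SAMPLE
    # (IPv6 listeners are in /proc/net/tcp6 and are not covered here).
    for ip, port in exposed(parse_listeners(SAMPLE), mgmt_ip="10.0.0.5"):
        print(f"port {port} is listening on {ip}, not only the management IP")
```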