Feature #2318

[github] Block ARP cache poisoning in openvswitch

Added by Javi Fontan almost 8 years ago. Updated almost 7 years ago.

Status: Closed
Start date: 09/09/2013
Priority: Normal
Due date:
Assignee: Jaime Melis
% Done: 0%
Category: Drivers - Network
Target version: Release 4.8
Resolution: fixed
Pull request:

Description

Patch by "Adam Twardowski" in github:

https://github.com/OpenNebula/one/pull/8

Associated revisions

Revision 2e25f110
Added by Jaime Melis almost 7 years ago

Feature #2318: Add a global switch to disable ARP Cache poisoning prevention

History

#1 Updated by Javi Fontan almost 8 years ago

  • Status changed from Pending to Closed
  • Resolution set to fixed

master: 13f4ff0cd
one-4.2: a167e13bc

Added to 4.2 for its security implications

#2 Updated by Jaime Melis about 7 years ago

  • Status changed from Closed to New
  • Assignee deleted (Javi Fontan)
  • Target version changed from Release 4.4 to Release 4.8

This shouldn't be the default behaviour since it prevents some use cases, like sharing VIPs between a cluster of VMs. The ARP rules should only be introduced when the NETWORK or NIC has a specific parameter such as
ARP_CACHE_POISONING_BLOCK=YES

#3 Updated by Jaime Melis almost 7 years ago

  • Status changed from New to Assigned
  • Assignee set to Jaime Melis
  • Resolution deleted (fixed)

#4 Updated by Ruben S. Montero almost 7 years ago

  • Target version changed from Release 4.8 to Release 4.8 - Beta 1

#5 Updated by Jaime Melis almost 7 years ago

  • Status changed from Assigned to Closed
  • Resolution set to fixed

In the end, the default configuration is to enable these rules, but they can be globally disabled in /var/lib/one/remotes/vnm/OpenNebulaNetwork.conf.

#6 Updated by Javi Fontan almost 7 years ago

  • Target version changed from Release 4.8 - Beta 1 to Release 4.8
