Bug 1254972
Summary: | [RFE] indicate how many packets are filtered out per vnic | ||
---|---|---|---|
Product: | [oVirt] ovirt-engine | Reporter: | Juan Pablo Lorier <jplorier> |
Component: | RFEs | Assignee: | bugs <bugs> |
Status: | CLOSED DEFERRED | QA Contact: | Lukas Svaty <lsvaty> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | --- | CC: | bugs, danken, jplorier, lsurette, mburman, srevivo |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | Flags: | ylavi:
ovirt-future?
ylavi: planning_ack? ylavi: devel_ack? ylavi: testing_ack? |
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-10-13 11:12:52 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Metrics | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1193224, 1317441 | ||
Bug Blocks: |
Description
Juan Pablo Lorier
2015-08-19 11:15:54 UTC
no-mac-spoofing is a security measure which most of our users want. I think that disabling it by default is wrong. Have you tried following http://www.ovirt.org/Vdsm_Hooks#Installing_a_hook to install vdsm-hook-macspoof ? Setting http://www.ovirt.org/Vdsm_Hooks#Device-level_hooks makes the option of allowing mac-spoofing much more accessible. Dear Dan, I'm not questioning the use of no-mac-spoofing. I question that this is enabled by default. In the time I'm in the list, I saw more than once people having troubles with this. I think that having it disabled by default will let the people that do understand and want this security measure running the option of enabling it and not the other way arround as more inexperienced people may fall for this without knowing it exists. This people may not find out that this is their problem and that have to install a hook to customice it until they actually have a problem and spend at least a couple of days until they reach to a solution or a helping hand pointing to the right direction. Regards, I believe that installing and configuring vdsm-hook-macspoof by default would make this feature more accessible and easier to consume. Don't you think? That seems to be a better solution. I agree that by doing that we can get the best of both worlds. It should be also documented so everybody knows how to use this. Regards Come to think of it, we already have an rfe bug 1193224 about this. We may want to give an indication how many packets have been filtered out as a warning on each vnic. Moving to DWH as we would like to get this via the metrics store. Dan is this still relevant? Can you please sync with Shirly on exact requirements? It is still relevant, but I am afraid we don't have the capacity to handle this anytime soon. |