hvisage commented on issue #12210: URL: https://github.com/apache/cloudstack/issues/12210#issuecomment-3642982930
Q: This does not segregate bad actors from each other on the same hypervisor, does it? Reason for Q: The assumption here is that the Client instances are semi under your control, to not use the root user to assign secondary IPs on the guest interfaces, correct? Also, you can't use anything like privacy extensions I would, for the sake of security, also enforce a source guest-MAC source guest-IP and destination guest-MAC Destination guest-IP filter rules on the guest interfaces. inside the hypervisor I come from a setup where I have users sharing L2 VLANs between guests, and then segregating their L2 VLANs with a firewall to the rest of the world. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
