onitake commented on issue #3557: cloud-init fails to fetch metadata when 
shared networks are present
URL: https://github.com/apache/cloudstack/issues/3557#issuecomment-522110868
 
 
   There are many different ways in which networks can be configured, and I 
agree that my point of view might not cover all use cases.
   
   But there's also another reason why I'd prefer cloud-init doesn't try to 
fetch metadata from a shared network: Since such a network is by definition not 
isolated, there's a higher risk that a malicious party might run a rogue DHCP 
server and a fake metadata server on the shared network and basically take over 
instances at startup. With isolated networks, this risk is much lower. This may 
not be a big risk in all cases, but limiting exposure should always be focused 
on.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services
