Fox, Kevin M <Kevin.Fox@...> writes:

> Hi Tomas,
>
> Using external addresses per tenant router is a feature to a lot of sites, like ours. We want to know for
> sure, at minimum, which tenant was responsible for bad activity on the external network. Having the
> external address tied to a tenant router allows you to track bad activity back at least to the IP, then to the
> tenant router. You won't be able to tell which VMs of the tenant performed the bad activity because of the
> SNAT, but you at least have someone to talk to about it, instead of your local security friends asking you to
> unplug the whole cloud.
>
> Thanks,
> Kevin

Hi Kevin!

Don't worry, I also had this in mind. We do traffic logging at the datacenter's firewall, so using a private IP per tenant router would still satisfy this requirement.

Tomas
