On 05/18/2015 02:01 PM, Chris Friesen wrote:
On 05/18/2015 09:54 AM, Rick Jones wrote:
Interestingly enough, what I've come across mostly (virtually
entirely) has been compromised instances being used in sending
spewage out onto the Big Bad Internet (tm).
One thing I was thinking about to det
On 05/18/2015 09:54 AM, Rick Jones wrote:
On 05/15/2015 08:32 PM, Gal Sagie wrote:
What i was describing in [2] is different, maybe the name "rate-limit"
is wrong here and what we are doing is more of
a "brute force prevention" .
We are trying to solve common scenarios for east-west security att
On 05/15/2015 08:32 PM, Gal Sagie wrote:
What i was describing in [2] is different, maybe the name "rate-limit"
is wrong here and what we are doing is more of
a "brute force prevention" .
We are trying to solve common scenarios for east-west security attack
vectors, for example a common vector is
Hello Rick,
First, we jumped into a different discussion as i was pointed out by Carl
so lets continue this on another thread (Sorry everyone)
But to your question:
There are two topics here, first on a Neutron API level there is no way to
define rate-limit for ports (at least that i know of).
Th
] Neutron API rate limiting
On 05/14/2015 08:32 PM, Kevin Benton wrote:
> There isn't anything in neutron at this point that does that. I think
> the assumption so far is that you could rate limit at your load
> balancer or whatever distributes requests to neutron servers.
Right,
On May 14, 2015 9:26 PM, "Gal Sagie"
mailto:gal.sa...@gmail.com>> wrote:
Hello Ryan,
We have proposed a spec to liberty to add rate limit functionality to security
groups [1].
We see two big use cases for it, one as you mentioned is DDoS for east-west and
another
is brute force prevention (for
On 05/14/2015 08:32 PM, Kevin Benton wrote:
> There isn't anything in neutron at this point that does that. I think
> the assumption so far is that you could rate limit at your load balancer
> or whatever distributes requests to neutron servers.
Right, which a lot of sense given the horizontally s
From: Carl Baldwin [c...@ecbaldwin.net]
Sent: Thursday, May 14, 2015 9:10 PM
To: OpenStack Development Mailing List
Subject: Re: [openstack-dev] [neutron] Neutron API rate limiting
@Gal, your proposal sounds like packet or flow rate limiting of data
@Gal, your proposal sounds like packet or flow rate limiting of data
through a port. What Ryan is proposing is rate limiting of api requests to
the server. They are separate topics, each may be a valid need on its own
but should be considered separately.
@Ryan, I tend to agree that rate limiting
Hello Ryan,
We have proposed a spec to liberty to add rate limit functionality to
security groups [1].
We see two big use cases for it, one as you mentioned is DDoS for east-west
and another
is brute force prevention (for example port scanning).
We are re-writing the spec as an extension to the c
There isn't anything in neutron at this point that does that. I think the
assumption so far is that you could rate limit at your load balancer or
whatever distributes requests to neutron servers.
On May 14, 2015 5:26 PM, "Tidwell, Ryan" wrote:
> I was batting around some ideas regarding IPAM fun
I was batting around some ideas regarding IPAM functionality, and it occurred
to me that rate-limiting at an API level might come in handy and as an example
might help provide one level of defense against DoS for an external IPAM
provider that Neutron might make calls off to. I'm simply using I
12 matches
Mail list logo