On 05/15/2015 08:32 PM, Gal Sagie wrote:
What i was describing in [2] is different, maybe the name rate-limit
is wrong here and what we are doing is more of
a brute force prevention .
We are trying to solve common scenarios for east-west security attack
vectors, for example a common vector is a
On 05/18/2015 09:54 AM, Rick Jones wrote:
On 05/15/2015 08:32 PM, Gal Sagie wrote:
What i was describing in [2] is different, maybe the name rate-limit
is wrong here and what we are doing is more of
a brute force prevention .
We are trying to solve common scenarios for east-west security attack
On 05/18/2015 02:01 PM, Chris Friesen wrote:
On 05/18/2015 09:54 AM, Rick Jones wrote:
Interestingly enough, what I've come across mostly (virtually
entirely) has been compromised instances being used in sending
spewage out onto the Big Bad Internet (tm).
One thing I was thinking about to
Hello Rick,
First, we jumped into a different discussion as i was pointed out by Carl
so lets continue this on another thread (Sorry everyone)
But to your question:
There are two topics here, first on a Neutron API level there is no way to
define rate-limit for ports (at least that i know of).
] Neutron API rate limiting
On 05/14/2015 08:32 PM, Kevin Benton wrote:
There isn't anything in neutron at this point that does that. I think
the assumption so far is that you could rate limit at your load
balancer or whatever distributes requests to neutron servers.
Right, which a lot
From: Carl Baldwin [c...@ecbaldwin.net]
Sent: Thursday, May 14, 2015 9:10 PM
To: OpenStack Development Mailing List
Subject: Re: [openstack-dev] [neutron] Neutron API rate limiting
@Gal, your proposal sounds like packet or flow rate limiting of data
On 05/14/2015 08:32 PM, Kevin Benton wrote:
There isn't anything in neutron at this point that does that. I think
the assumption so far is that you could rate limit at your load balancer
or whatever distributes requests to neutron servers.
Right, which a lot of sense given the horizontally
On May 14, 2015 9:26 PM, Gal Sagie
gal.sa...@gmail.commailto:gal.sa...@gmail.com wrote:
Hello Ryan,
We have proposed a spec to liberty to add rate limit functionality to security
groups [1].
We see two big use cases for it, one as you mentioned is DDoS for east-west and
another
is brute force
There isn't anything in neutron at this point that does that. I think the
assumption so far is that you could rate limit at your load balancer or
whatever distributes requests to neutron servers.
On May 14, 2015 5:26 PM, Tidwell, Ryan ryan.tidw...@hp.com wrote:
I was batting around some ideas
I was batting around some ideas regarding IPAM functionality, and it occurred
to me that rate-limiting at an API level might come in handy and as an example
might help provide one level of defense against DoS for an external IPAM
provider that Neutron might make calls off to. I'm simply using
Hello Ryan,
We have proposed a spec to liberty to add rate limit functionality to
security groups [1].
We see two big use cases for it, one as you mentioned is DDoS for east-west
and another
is brute force prevention (for example port scanning).
We are re-writing the spec as an extension to the
@Gal, your proposal sounds like packet or flow rate limiting of data
through a port. What Ryan is proposing is rate limiting of api requests to
the server. They are separate topics, each may be a valid need on its own
but should be considered separately.
@Ryan, I tend to agree that rate
12 matches
Mail list logo