
Re: OpenShift SDN



Dan 

One question 

Masters are also using the same port for VXLAN communication with nodes, right? If we block the port between internal and external subnets but put masters in the internal network, they won’t be able to talk to external nodes or vice versa, right? 

One solution could be to put masters in another subnet and control access between master, internal and external subnets. Is there any better approach without doing this? 

-- 
Srinivas Kotaru






On 1/14/16, 11:03 AM, "Srinivas Naga Kotaru (skotaru)" <skotaru cisco com> wrote:

>Thank you Dan. It is all clear now.
>
>It is a much better solution than installing 2 separate cluster installations on each data center just to isolate Internal vs. External traffic.
>
>Appreciated Dan..
>
>
>Srinivas Kotaru
>
>
>
>
>
>
>On 1/14/16, 10:00 AM, "Dan Winship" <danw redhat com> wrote:
>
>>On 01/14/2016 12:56 PM, Srinivas Naga Kotaru (skotaru) wrote:
>>> Thanks Dan for info. Are you saying we need to block VXLAN port using traditional subnet firewall between Internal <-> External Nodes?
>>
>>Yes. (Though I assume your firewall is already doing this.)
>>
>>> Is it to block port 4789 between subnets? Any impact from blocking port 4789 apart from blocking Internal <—> External communication?
>>
>>Yes (UDP). No other effect.
>>
>>-- Dan
>>

