mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Avinash Sridharan (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (MESOS-4344) Allow operators to assign net_cls major handles to mesos agents
Date Thu, 14 Jan 2016 17:53:39 GMT

     [ https://issues.apache.org/jira/browse/MESOS-4344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Avinash Sridharan updated MESOS-4344:
-------------------------------------
    Description: 
The net_cls cgroup associates a 16-bit major and 16-bit minor network handle to packets originating
from tasks associated with a specific net_cls cgroup. In mesos we need to give the operator
the ability to fix the 16-bit major handle used in an agent (the minor handle will be allocated
by the agent. See MESOS-4345). Fixing the parent handle on the agent allows operators to install
default firewall rules using the parent handle to enforce a default policy (say DENY ALL)
for all container traffic till the container is allocated a minor handle. 

A simple way to achieve this requirement is to pass the major handle as a flag to the agent
at startup. 

  was:
The net_cls cgroup allows operators to assign a 16-bit major and 16-bit minor network handle
to tasks associated with a specific net_cls cgroup. In mesos we need to give the operator
the ability to fix the 16-bit major handle used in an agent. Fixing the parent handle on the
agent allows operators to install default firewall rules using the parent handle to enforce
a default policy (say DENY ALL) for all container traffic till the container is allocated
a minor handle. 

A simple way to achieve this requirement is to pass the major handle as a flag to the agent
at startup. 


> Allow operators to assign net_cls major handles to mesos agents
> ---------------------------------------------------------------
>
>                 Key: MESOS-4344
>                 URL: https://issues.apache.org/jira/browse/MESOS-4344
>             Project: Mesos
>          Issue Type: Improvement
>          Components: containerization
>            Reporter: Avinash Sridharan
>            Assignee: Avinash Sridharan
>              Labels: container, mesosphere
>
> The net_cls cgroup associates a 16-bit major and 16-bit minor network handle to packets
originating from tasks associated with a specific net_cls cgroup. In mesos we need to give
the operator the ability to fix the 16-bit major handle used in an agent (the minor handle
will be allocated by the agent. See MESOS-4345). Fixing the parent handle on the agent allows
operators to install default firewall rules using the parent handle to enforce a default policy
(say DENY ALL) for all container traffic till the container is allocated a minor handle. 
> A simple way to achieve this requirement is to pass the major handle as a flag to the
agent at startup. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message