a818c41c25
In the spec we said: """ When the metadata proxy processes a request, it gathers the L2 addresses of a VM, and the source interface, and passes it to the metadata service. The Metadata service, instead of using the VM IP, uses the "VM MAC" and "Gateway MAC" to identify the instance. """ But since we switched from the home-grown metadata-ns-proxy to haproxy we no longer control some of the headers included, like X-Forwarded-For. haproxy allows us to turn X-Forwarded-For on or off, but it cannot give us an X-Forwarded-For-MAC header. Instead it seems we have to rely on the source address being the IPv6 link local address generated from the NIC's MAC address as specified in RFC 4291: https://tools.ietf.org/html/rfc4291#section-2.5.6 https://tools.ietf.org/html/rfc4291#appendix-A Note that means you cannot use IPv6 Privacy Extensions: https://tools.ietf.org/html/rfc4941 Change-Id: Ife592fcfc69e26f61ec1f45c06821cb025cc7cf2 Closes-Bug: #1460177
OpenStack Neutron
Neutron is an OpenStack project to provide "network connectivity as a service" between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., Nova).
To learn more about neutron:
- Documentation: https://docs.openstack.org/neutron/latest/
- Features: https://specs.openstack.org/openstack/neutron-specs
- Defects: https://launchpad.net/neutron
- Release notes: https://docs.openstack.org/releasenotes/neutron/index.html
- Source: https://opendev.org/openstack/neutron
Get in touch via email. Use [Neutron] in your subject.
To learn how to contribute, please read the CONTRIBUTING.rst file.