622a845b75
Metadata service identified an instance by its IP address which is stored in X-Forwarded-For header, and the attached router instance which is stored in X-Metadata-Provider header. A generic load balancer will not be able to insert the X-Instance-ID which is identifying the metadata requesting instance. To identify the instance, we use the following algorithm: The load balancer adds an X-Forwared-For header to the HTTP header, with the IP address of the instance. That is not enough to identify the instance as we could have overlapping IPs. The load balancer inserts an additional header - X-Metadata-Provider, which identifies the load balancer. The load balancer is an IP device and therefore cannot have overlapping IPs connected to it. So X-Metadata-Provider with the X-Forwarded-For make a unique pair, which is enough to identify the requesting instance. X-Metadata-Provider-Signature is used to authenticate the load balancer, in a similar way to X-Instance-ID-Signature with X-Instance-ID is authenticated the metadata proxy requests. DocImpact Co-authored-by: Kobi Samoray <ksamoray@vmware.com> This completes the blueprint vmware-nsxv-support Change-Id: I3ab687913acd7301c76632de69c80116c2d99cf6 |
||
---|---|---|
.. | ||
__init__.py | ||
base.py | ||
handler.py | ||
password.py | ||
vendordata_json.py |