You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Artem Harutyunyan (JIRA)" <ji...@apache.org> on 2016/02/01 21:19:42 UTC
[jira] [Updated] (MESOS-4344) Allow operators to assign net_cls
major handles to mesos agents
[ https://issues.apache.org/jira/browse/MESOS-4344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Artem Harutyunyan updated MESOS-4344:
-------------------------------------
Sprint: Mesosphere Sprint 27, Mesosphere Sprint 28 (was: Mesosphere Sprint 27)
> Allow operators to assign net_cls major handles to mesos agents
> ---------------------------------------------------------------
>
> Key: MESOS-4344
> URL: https://issues.apache.org/jira/browse/MESOS-4344
> Project: Mesos
> Issue Type: Improvement
> Components: containerization
> Reporter: Avinash Sridharan
> Assignee: Avinash Sridharan
> Labels: container, mesosphere
>
> The net_cls cgroup associates a 16-bit major and 16-bit minor network handle to packets originating from tasks associated with a specific net_cls cgroup. In mesos we need to give the operator the ability to fix the 16-bit major handle used in an agent (the minor handle will be allocated by the agent. See MESOS-4345). Fixing the parent handle on the agent allows operators to install default firewall rules using the parent handle to enforce a default policy (say DENY ALL) for all container traffic till the container is allocated a minor handle.
> A simple way to achieve this requirement is to pass the major handle as a flag to the agent at startup.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)