Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support disabling inactive links #6

Merged
merged 5 commits into from
Aug 31, 2018
Merged

Support disabling inactive links #6

merged 5 commits into from
Aug 31, 2018

Conversation

markgoddard
Copy link

No description provided.

@markgoddard
Set branch name to stable/pike in tox_install.sh
fe4929a 
Change-Id: I20a78d7ff336dc337a5532637cd1efca55c4c79a
@markgoddard
Use stable/pike upper constraints file
3df9a5d 
Change-Id: Iba0cd96565e51320a25aa597a36b38f99ca1a398
@markgoddard
Add a TravisCI configuration file to test downstream changes
cd0fa3c 
Change-Id: I7911379d88305bb8d2c6ffccb1f56982156fdb3f
@markgoddard
Support disabling inactive links
e373156 
Currently, when a port is unbound by NGS, this is typically implemented
by removing the VLAN association from the corresponding switch
interface. This puts the interface on the default VLAN of the switch,
and leaves it administratively up (active). This may be an issue in some
scenarios, such as:

* If there is more than one interface on the server, subsequent
  instances may choose not to attach a network to one or more
  interfaces. If these interfaces are active on a default VLAN this
  would be a security hole.

* If configuration of an interface fails but is silently ignored by NGS,
  the interface will remain on the default VLAN.

To avoid these issues this change adds support for administratively
disabling ports when they are not in use. This behaviour is optional,
since it might not be appropriate on all devices or in all scenarios.
Configuration of the behaviour is controlled by a per-device config
flag, 'ngs_disable_inactive_ports'.

Change-Id: Ibdbb871d7f3e9ad0d3ade1049cc09a2da5e36fab
Story: 2003391
Task: 24511
@markgoddard
Support disabling inactive links for Juniper
25fb79c 
Adds the necessary code to the Juniper Junos device driver to support
disabling inactive links. This feature is enabled by setting the
per-device config flag 'ngs_disable_inactive_ports'.

Change-Id: I636613d0c910d10601422ad094f835c17a606e37
Story: 2003391
Task: 24933
@markgoddard markgoddard self-assigned this Aug 30, 2018
@markgoddard markgoddard requested a review from jovial August 30, 2018 14:56
oneswig
oneswig approved these changes Aug 31, 2018
View reviewed changes
Copy link
Member

@oneswig oneswig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One question - are there any circumstances where (if it is configured) DELETE_PORT is not immediately followed by DISABLE_PORT? Similarly for ENABLE_PORT and PLUG_PORT_TO_NETWORK?

@markgoddard
Copy link
Author

@oneswig good question, but no there are not.

@markgoddard markgoddard merged commit b5b1790 into stackhpc/pike Aug 31, 2018
@markgoddard markgoddard deleted the cauterise-links branch August 31, 2018 12:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oneswig oneswig oneswig approved these changes

@jovial jovial Awaiting requested review from jovial

Assignees

@markgoddard markgoddard

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@markgoddard @oneswig