Dan,

One question:

Masters are also using the same port for VXLAN communication with nodes, right? If we block the port from internal and external subnets but we put masters in the internal network, they won't be able to talk to external nodes or vice versa, right? One solution could be to put masters in another subnet and control access between the master, internal and external subnets. Any other better approach without doing this?

--
Srinivas Kotaru

On 1/14/16, 11:03 AM, "Srinivas Naga Kotaru (skotaru)" <[email protected]> wrote:

>Thank you Dan. It is all clear now.
>
>It is a much better solution rather than installing 2 separate cluster installations
>on each data center just to isolate Internal Vs External traffic.
>
>Appreciated Dan..
>
>
>Srinivas Kotaru
>
>
>On 1/14/16, 10:00 AM, "Dan Winship" <[email protected]> wrote:
>
>>On 01/14/2016 12:56 PM, Srinivas Naga Kotaru (skotaru) wrote:
>>> Thanks Dan for info. Are you saying we need to block VXLAN port using
>>> traditional subnet firewall between Internal <-> External Nodes?
>>
>>Yes. (Though I assume your firewall is already doing this.)
>>
>>> Is it block 4789 port between subnets? Any impact blocking 4789 port apart
>>> from blocking Internal <—> External communication?
>>
>>Yes (UDP). No other effect.
>>
>>-- Dan
>>
>>_______________________________________________
>>dev mailing list
>>[email protected]
>>http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
