[
https://issues.apache.org/jira/browse/MESOS-4344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Artem Harutyunyan updated MESOS-4344:
-------------------------------------
Sprint: Mesosphere Sprint 27, Mesosphere Sprint 28 (was: Mesosphere Sprint
27)
> Allow operators to assign net_cls major handles to mesos agents
> ---------------------------------------------------------------
>
> Key: MESOS-4344
> URL: https://issues.apache.org/jira/browse/MESOS-4344
> Project: Mesos
> Issue Type: Improvement
> Components: containerization
> Reporter: Avinash Sridharan
> Assignee: Avinash Sridharan
> Labels: container, mesosphere
>
> The net_cls cgroup associates a 16-bit major and 16-bit minor network handle
> to packets originating from tasks associated with a specific net_cls cgroup.
> In mesos we need to give the operator the ability to fix the 16-bit major
> handle used in an agent (the minor handle will be allocated by the agent. See
> MESOS-4345). Fixing the parent handle on the agent allows operators to
> install default firewall rules using the parent handle to enforce a default
> policy (say DENY ALL) for all container traffic till the container is
> allocated a minor handle.
> A simple way to achieve this requirement is to pass the major handle as a
> flag to the agent at startup.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
