Public bug reported: 'sync' in services/vpn/device_drivers/ipsec.py is called any time an interface is attached or detached from a router. This occurs whether or not the edited router hosts a VPNaaS instance.
'sync' loops through the results of 'get_vpn_services_on_host' and stops/starts all IPsec daemons on the network node that hosts the router being edited, regardless of if they're on the router being edited, or even the same tenant. An authorized user can trivially loop through the attach/detach API calls, causing the IPsec daemons for every tenant to be continuously restarted. ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1393589 Title: Attaching or detaching an interface to a router causes all VPNaaS daemons to be restarted. Status in OpenStack Neutron (virtual network service): New Bug description: 'sync' in services/vpn/device_drivers/ipsec.py is called any time an interface is attached or detached from a router. This occurs whether or not the edited router hosts a VPNaaS instance. 'sync' loops through the results of 'get_vpn_services_on_host' and stops/starts all IPsec daemons on the network node that hosts the router being edited, regardless of if they're on the router being edited, or even the same tenant. An authorized user can trivially loop through the attach/detach API calls, causing the IPsec daemons for every tenant to be continuously restarted. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1393589/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp