[ https://issues.apache.org/jira/browse/YARN-7468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16314127#comment-16314127 ]
Wangda Tan commented on YARN-7468: ---------------------------------- Thanks [~xgong], 1) Instead of reusing OutboundBandwidthResourceHandler, suggest to directly implement tagging class from ResourceHandler since OutboundBandwidthResourceHandler is an empty class. 2) In the configuration, suggest to add new configs to yarn.nodemanager.network-tagging.*, and not touch existing configs. 3) Similarly, inside ResourceHandlerModule, add a new method (like getNetworkTaggingHandler). 4) Inside NetworkPacketTaggingHandlerImpl, it looks like the containerIdClassIdMap is not read by anyone, I think we can simplify the impl a bit by removing containerIdClassIdMap, we may not need to do anything inside reacquireContainer as well. 5) Suggestion to NetworkTagMappingParser: I think what we really need is not a parser, instead we need an abstract to get classid from Container. So I recommend to: - initial -> initialize - getNetworkTagID, changing parameter from username to {{org.apache.hadoop.yarn.server.nodemanager.containermanager.container.Container}} > Provide means for container network policy control > -------------------------------------------------- > > Key: YARN-7468 > URL: https://issues.apache.org/jira/browse/YARN-7468 > Project: Hadoop YARN > Issue Type: Task > Components: nodemanager > Reporter: Clay B. > Assignee: Xuan Gong > Priority: Minor > Attachments: YARN-7468.trunk.1.patch, YARN-7468.trunk.1.patch, > YARN-7468.trunk.2.patch, YARN-7468.trunk.2.patch, [YARN-7468] [Design] > Provide means for container network policy control.pdf > > > To prevent data exfiltration from a YARN cluster, it would be very helpful to > have "firewall" rules able to map to a user/queue's containers. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org