In the months since this was opened there's been some progress on the "be careful" front by way of https://review.openstack.org/#/c/100151/ - in which we defined a spec for having a "public" vip for the public services. This makes controlling access to the services much easier as there's a clear separation.
More recently we've also noticed cases where other services (particularly dnsmasq) listen on the public interface and can be used for things like DNS amplification attacks. This is suboptimal, but it seems as though the "be careful" strategy should be useful here too.