cloudstack-commits mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [cloudstack] nvazquez opened a new pull request #3732: Enable PVLAN support on L2 networks
Date Mon, 02 Dec 2019 12:45:26 GMT
nvazquez opened a new pull request #3732: Enable PVLAN support on L2 networks
URL: https://github.com/apache/cloudstack/pull/3732
 
 
   ## Description
   Feature specification: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Private+VLAN+%28PVLAN%29+support+on+Layer+2+networks
   
   A regular VLAN is a single broadcast domain which is isolated at Layer 2. However, it has two main limitations:
   
   - A switch can have up to a theoretical maximum of 4094 VLANs (as the first and last VLANs are reserved). This maximum number is usually lower, depending on the switch which is used. A traditional isolation solution consists of assigning a VLAN per customer, and in some scenarios this maximum number may not be enough to cover every customer.
   - IP address management problem: IP addresses may not be used completely when assigning a subnet per VLAN.
   
   The private VLAN (PVLAN) architecture tackles these problems, providing scalability and IP address management benefits for service providers, as well as Layer 2 security for customers.
   
   PVLANs partition a VLAN domain into subdomains. These subdomains are represented by a pair: (PRIMARY_VLAN_ID, SECONDARY_VLAN_ID). Every pair in a PVLAN shares the PRIMARY_VLAN_ID.
   
   There are two types of subdomains: isolated and community subdomains.
   
   Within a PVLAN, there are three types of port designations, corresponding to the PVLAN type:
   
   - Promiscuous: An endpoint connected to a promiscuous port can communicate with any endpoint within the PVLAN.
   - Isolated: An endpoint connected to an isolated port can only communicate with endpoints connected to promiscuous ports.
   - Community: An endpoint connected to a community port can communicate with another endpoint in the same community and can also communicate with any promiscuous port but not with other communities.
   
   The following table summarizes the communication between different PVLAN types:
   
   |   | Promiscuous  | Isolated  | Community 1  | Community 2 |
   |---|---|---|---|---|
   | Promiscuous  | ALLOW  | ALLOW  | ALLOW  | ALLOW  |
   | Isolated  | ALLOW  | DENY  | DENY  | DENY  |
   | Community 1  | ALLOW  | DENY  | ALLOW  | DENY  |
   | Community 2  | ALLOW  | DENY  | DENY  | ALLOW  |
   
   PVLAN support already exists in CloudStack, but only for Shared networks in Advanced zones. This feature allows extending the PVLAN support to Layer 2 (L2) networks in CloudStack.
   
   ## Types of changes
   <!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
   - [ ] Breaking change (fix or feature that would cause existing functionality to change)
   - [x] New feature (non-breaking change which adds functionality)
   - [ ] Bug fix (non-breaking change which fixes an issue)
   - [ ] Enhancement (improves an existing feature and functionality)
   - [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
   
   ## Screenshots (if appropriate):
   ![image](https://user-images.githubusercontent.com/5295080/69960522-710f0780-14e8-11ea-98c4-f8d71123a939.png)
   
   ## How Has This Been Tested?
   - Create L2 network selecting a VLAN ID and secondary VLAN ID as well as the PVLAN type
   - Verify PVLAN type on vSphere for the portgroup on the dvSwitch
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
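
The port rules and communication table from the pull request description above, written as an added example (it is not part of the original message or of the CloudStack code base). The `Port` class, the function names and the sample VLAN IDs are hypothetical; the code derives the ALLOW/DENY matrix from the three port designations so an isolation design can be checked before it is provisioned.

```python
from dataclasses import dataclass
from itertools import product

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"

@dataclass(frozen=True)
class Port:
    label: str
    primary: int      # PRIMARY_VLAN_ID
    secondary: int    # SECONDARY_VLAN_ID
    kind: str         # one of the three port designations

    def __post_init__(self):
        if self.kind not in (PROMISCUOUS, ISOLATED, COMMUNITY):
            raise ValueError(f"{self.label}: unknown PVLAN type {self.kind!r}")
        for vid in (self.primary, self.secondary):
            if not 1 <= vid <= 4094:  # first and last VLAN IDs are reserved
                raise ValueError(f"{self.label}: VLAN ID {vid} out of range")

def can_communicate(a: Port, b: Port) -> bool:
    """Layer 2 reachability between endpoints attached to ports a and b."""
    if a.primary != b.primary:
        return False          # different primary VLAN: not the same PVLAN
    if PROMISCUOUS in (a.kind, b.kind):
        return True           # promiscuous reaches every endpoint in the PVLAN
    if a.kind == b.kind == COMMUNITY:
        return a.secondary == b.secondary   # same community only
    return False              # isolated ports reach promiscuous ports only

def matrix(ports):
    """Map (row label, column label) -> 'ALLOW' or 'DENY'."""
    return {(a.label, b.label): "ALLOW" if can_communicate(a, b) else "DENY"
            for a, b in product(ports, repeat=2)}

# Constructed sample: one PVLAN with primary VLAN 100. The secondary IDs are
# made up; giving the promiscuous port secondary == primary is an assumption.
SAMPLE = [
    Port("Promiscuous", 100, 100, PROMISCUOUS),
    Port("Isolated", 100, 101, ISOLATED),
    Port("Community 1", 100, 102, COMMUNITY),
    Port("Community 2", 100, 103, COMMUNITY),
]

if __name__ == "__main__":
    m = matrix(SAMPLE)
    for row in SAMPLE:
        print(f"{row.label:12}", *(f"{m[row.label, col.label]:6}" for col in SAMPLE))
```

The diagonal entries describe two different endpoints attached to ports of the same kind, which is why Isolated to Isolated is DENY.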
