cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chip Childers <>
Subject Re: [RFC][FS]PVLAN for isolation within a VLAN
Date Thu, 18 Apr 2013 00:59:31 GMT
On Wed, Apr 17, 2013 at 05:49:23PM -0700, Sheng Yang wrote:
> In fact that's the requirement for this design. We need this very strict
> restriction to implement isolation for the VMs. PVLAN is the way we used to
> approach this requirement.

As a user, the whole point of this type of network is to support a "backend"
management / monitoring network that can be connected to VMs regardless
of the user of the VM.  Using a VLAN per tenant isn't actually enough
even, when you consider the N-Tier apps feature.  If a user has 3
"tiers" using traditional VLAN isolation, you are basically tied to a
model of 2 VLANs per tier, burning through VLANs much faster than
necessary.  PVLANs (and the equiv via OVS flows) are the normal way to
accomplish this in a traditional hosting environment.

Sheng - +1 to this feature and the FS.  Nice work, and from someone who
will use it, glad to see it being worked on!


View raw message