Return-Path: 
 <dev-return-38818-apmail-cloudstack-dev-archive=cloudstack.apache.org@cloudstack.apache.org>
X-Original-To: apmail-cloudstack-dev-archive@www.apache.org
Delivered-To: apmail-cloudstack-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id C003D10C3A
	for <apmail-cloudstack-dev-archive@www.apache.org>;
 Tue, 23 Jul 2013 17:33:55 +0000 (UTC)
Received: (qmail 97833 invoked by uid 500); 23 Jul 2013 17:33:55 -0000
Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org
Received: (qmail 97798 invoked by uid 500); 23 Jul 2013 17:33:55 -0000
Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@cloudstack.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@cloudstack.apache.org>
List-Post: <mailto:dev@cloudstack.apache.org>
List-Id: <dev.cloudstack.apache.org>
Reply-To: dev@cloudstack.apache.org
Delivered-To: mailing list dev@cloudstack.apache.org
Received: (qmail 97790 invoked by uid 99); 23 Jul 2013 17:33:55 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Jul 2013 17:33:55 +0000
X-ASF-Spam-Status: No, hits=-2.3 required=5.0
	tests=RCVD_IN_DNSWL_MED
X-Spam-Check-By: apache.org
Received-SPF: error (athena.apache.org: local policy)
Received: from [74.125.149.75] (HELO na3sys009aog105.obsmtp.com)
 (74.125.149.75)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Jul 2013 17:33:47 +0000
Received: from mail-vb0-f47.google.com ([209.85.212.47]) (using TLSv1) by
 na3sys009aob105.postini.com ([74.125.148.12]) with SMTP
	ID DSNKUe6+U9FRr8h8JKYnepNYMlghPR8zidha@postini.com;
 Tue, 23 Jul 2013 10:33:27 PDT
Received: by mail-vb0-f47.google.com with SMTP id x14so5683679vbb.20
        for <dev@cloudstack.apache.org>; Tue, 23 Jul 2013 10:33:06 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-type:content-disposition:in-reply-to:user-agent
         :x-gm-message-state;
        bh=bDy/85EfvdJiH8eWbUfk5WsVJYLxoke/susUn7hGheA=;
        b=AWNZRBh2qw1vnk0b9pXNQ+5rUwTKKX60XE1Djoxq9OadO4oLSndssVl6H95zk6qALp
         iuOqRmRaNKR1ScOcnCMhK+SGpxz8jPR/gkBaJjRQjW+VhnC3f9j8WU71PqXB33qarGZU
         O73ulDhG2BoxIXtJnLiVy/i8HAGB7I58+8S3WZpqz/H24hlh5/M79ZO07nCrSWVbbpJo
         8izSi23mB/9qoKHPP4ism2YG3IFy5PInu9q2PSCEC859zKcV9IIrDivTt7u/9eE4Xxiv
         wJKj/bygr7hBRHwIYQo3wVsCKoIMPbB+HFIb/aTvvc/oOKXJPnBDQiObsZNHXyK/9/6i
         YliQ==
X-Received: by 10.220.183.10 with SMTP id ce10mr11656570vcb.41.1374600786474;
        Tue, 23 Jul 2013 10:33:06 -0700 (PDT)
X-Received: by 10.220.183.10 with SMTP id ce10mr11656566vcb.41.1374600786417;
        Tue, 23 Jul 2013 10:33:06 -0700 (PDT)
Received: from localhost ([216.203.6.11])
        by mx.google.com with ESMTPSA id
 gb10sm11368427vdc.6.2013.07.23.10.33.05
        for <multiple recipients>
        (version=TLSv1.2 cipher=RC4-SHA bits=128/128);
        Tue, 23 Jul 2013 10:33:05 -0700 (PDT)
Date: Tue, 23 Jul 2013 13:33:03 -0400
From: Chip Childers <chip.childers@sungard.com>
To: dev@cloudstack.apache.org
Cc: Nguyen Anh Tu <ng.tuna@gmail.com>
Subject: Re: [Proposal] Routing between guest networks in VLAN isolation
 method.
Message-ID: <20130723173303.GB75730@USLT-205755.sungardas.corp>
References: 
 <CA+PKkn1e14UsPLBVyJy17Lr7RgW=2MzF_nhKkdA4LE1XJ7wY0w@mail.gmail.com>
 <CAKprHVYps3yo6RFUAgkkCW3LYzQCXMa34fu=j73+-e73tXJBEA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
 <CAKprHVYps3yo6RFUAgkkCW3LYzQCXMa34fu=j73+-e73tXJBEA@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Gm-Message-State: 
 ALoCoQmEgY2V8GPrP/ok0B2hH1yoSna1Dkg6T/7k673QzFTn6tVaLmK4yYOD8Hdt37cqehm/PJiZ3vDK8x2Esac1ghNX3jI+H0pIgqmTZi6k1S8v+7Rkm3Rz/bWK1rTqnY0AA+YmYoqCuWIre7Zd17Ug0+bXoE4MbV3ffftyKEw+8gNjv2VaVvM=
X-Virus-Checked: Checked by ClamAV on apache.org

On Tue, Jul 23, 2013 at 01:26:08PM -0400, David Nalley wrote:
> On Tue, Jul 23, 2013 at 1:21 PM, Nguyen Anh Tu <ng.tuna@gmail.com> wrote:
> > Hi guys,
> >
> > I write a proposal about implementing routing method for guest networks
> > using VLAN isolation. At the moment, they can reach each other due to
> > interVLAN routing in VPC model, but can not in Guest network model. So the
> > key point is make some static routes between them, including iptables rules
> > for filtering ports and protocols. Please take a look on my proposal, link
> > below.
> >
> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Routing+between+Guest+networks
> >
> 
> Isn't this exactly the case that VPC is designed to solve?
> What's the benefit of doing this? If we did this, would we continue using VPC?
> 
> --David
> 

Well right now, the main issue is that VPC follows the AWS VPC concepts
of allocating a single block for the VPC.  This isn't actually flexible
enough for some environments, and Nguyen's proposal is something that I've
been looking into myself.

Nguyen, when you state "All configurations are done by admin only.",
which admin?  Root?  If root only, why?