incubator-cloudstack-dev mailing list archives

From Murali Reddy <Murali.Re...@citrix.com>
Subject Re: Security Group support in Advance zone
Date Thu, 15 Nov 2012 06:54:48 GMT
Alena,

I have a couple of queries on the requirements listed in the spec.

- "Shared Zone Wide SG Enabled Guest network is required  in Advance SG
enabled zone as CPVM/SSVM are using it."
 
I am not clear why CPVM/SSVM will use the shared guest network with SG.

- "No Isolated networks can be added to the Advance SG enabled zone. No
Shared Domain wide networks are allowed either."


Does this mean there will be only one shared network in the entire SG
enabled zone? You mentioned relaxing some of these restrictions as future
release plans, but I was wondering why such a stringent restriction. Will
overlapping CIDRs of multiple isolated networks conflict with the
security groups functionality at hypervisor level?

Thanks,
Murali

On 14/11/12 12:17 AM, "Alena Prokharchyk" <Alena.Prokharchyk@citrix.com>
wrote:

>In 2.2.x version of the cloudStack we provided support for Security Groups
>in Advance zone. The feature was temporarily disabled in released versions
>of 3.0.x branch due to lack of dev and test resources needed to
>accommodate the feature to the new NaaS framework.
>
>
>Disabling the feature made an upgrade for existing 2.2.x customers using
>this network model impossible. We are going to re-enable the feature in
>the next CS release with all the limitations accompanying it in 2.2.x
>branch.
>
>Here is the functional specification:
>
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Isolation+based+on+Security+Groups+in+Advance+zone
>
>
>
>It reflects:
>
>* current behavior model
>* feature limitations
>* upgrade path
>* feature enhancements plan
>
>
>Please review and point out if there are any inconsistencies/unclearness
>in the spec.
>
>Anthony Xu will be the key developer for Java + Scripting part; UI
>developers haven't been assigned to the feature yet.
>
>-Alena.
>
>
>


