incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chiradeep Vittal <Chiradeep.Vit...@citrix.com>
Subject Re: [PROPOSAL][CLOUDSTACK-1456] SG Isolation in Advanced Zone for VMWare Hypervisor using PVLANs
Date Tue, 12 Mar 2013 05:49:25 GMT
As far as I can tell most of the requirements can NOT be satisfied by
PVLAN.
The only thing PVLAN can do is:
1. Restrict a VM's traffic to the upstream router
2. Restrict a VM's traffic to a set of Vms on the same physical VLAN.

PVLAN does not offer any L4 access control, nor can it work across L3
domains.
Of the 4 use cases, the first one can be supported in a limited fashion
(no security groups, but restricting Vms from communicating using L2
isolation).

On 2/28/13 1:35 PM, "Manan Shah" <manan.shah@citrix.com> wrote:

>Hi,
>
>I would like to propose a new feature for adding SG Isolation support for
>VMWare Hypervisor using PVLANs. I have created a JIRA ticket and provided
>the requirements at the following location. Please provide feedback on the
>requirements.
>
>JIRA Ticket: 
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/SG+Isolation+in+Adv
>a
>nced+Zone+for+VMWare+Hypervisor+using+PVLANs
>Requirements: 
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/SG+Isolation+in+Adv
>a
>nced+Zone+for+VMWare+Hypervisor+using+PVLANs
>
>Regards,
>Manan Shah
>
>
>
>
>
>
>
>
>


Mime
View raw message