[openstack-dev] [Neutron] Partially Shared Networks

CARVER, PAUL pc2929 at att.com
Wed Jan 15 14:52:32 UTC 2014


Sorry for this not threading properly. I had set the Mailman config to filter on Neutron topic but it ended up filtering out everything so I only saw responses by looking at the archive. I removed the filter in Mailman and will have to filter locally on my end. But I don't have any of the original emails from the list to respond to in thread.

Anyway, Mathieu Rohon's response was interesting but not the same notion I was thinking of. I'm not talking about what various switch vendors call "private VLAN", meaning a layer two segment where any to any connectivity is deliberately prohibited. That's a useful concept, just not the use case I had in mind.

Jay's point about dealing appropriately with overlapping subnets is also important in the general case but I had a simpler use case in mind. Specifically, I was assuming (although I may not have said so) that the networks would be configured by an admin to be available to multiple tenants. I hadn't thought of the notion of a tenant making one of their networks available to another tenant.

The particular use case I have in mind concerns networks that could technically be created as admin and marked as shared and thus have only whatever network namespace considerations that apply to shared networks. The desire to make them "partially shared" has more to do with the UI (either Horizon or API access) not showing them to tenants who are not on the approved list and not permitting tenants who are not on the list to attach instances to them.

This is basically like the door list at a club. If you're not on the list you can't get into the club. But if you're on the list, once you're inside the club it's not really any different from a less exclusive club other than the fact that everybody inside was "on the list".


-- 
Paul Carver




More information about the OpenStack-dev mailing list