[openstack-dev] [Neutron][IPAM] Uniqueness of subnets within a tenant

Ian Wells ijw.ubuntu at cack.org.uk
Mon Mar 23 00:05:17 UTC 2015


On 22 March 2015 at 07:48, Jay Pipes <jaypipes at gmail.com> wrote:

> On 03/20/2015 05:16 PM, Kevin Benton wrote:
>
>> To clarify a bit, we obviously divide lots of things by tenant (quotas,
>> network listing, etc). The difference is that we have nothing right now
>> that has to be unique within a tenant. Are there objects that are
>> uniquely scoped to a tenant in Nova/Glance/etc?
>>
>
> Yes. Virtually everything is :)


Everything is owned by a tenant.  Very few things are one per tenant, which
is where this feels like it's leading.

Seems to me that an address pool corresponds to a network area that you can
route across (because routing only works over a network with unique
addresses and that's what an address pool does for you).  We have those
areas and we use NAT to separate them (setting aside the occasional
isolated network area with no external connections).  But NAT doesn't
separate tenants, it separates externally connected routers: one tenant can
have many of those routers, or one router can be connected to networks in
both tenants.  We just happen to frequently use the one external router per
tenant model, which is why address pools *appear* to be one per tenant.  I
think, more accurately, an external router should be given an address pool,
and tenants have nothing to do with it.
-- 
Ian.