<div dir="ltr">I suspect a "BaaS" (Bridge-as-a-service) proposal is lurking in this thread.<div><br></div><div>While the idea of yet-another-aas is probably not desirable at this time, it might be worth trying and understand - from an exclusively logical perspective (ie: the API consumer point of view) - what would be the difference between having a single logical network shared across a number of tenants, and a group of distinct networks interconnected by bridge ports.</div><div><br></div><div>I've tried in the past to look at "unique" use cases for a network bridge feature; it might seem important to enforce that all the traffic between two network goes through a predefined channel where security and traffic shaping policies might be applied. On the other hand, I believe the same result can be achieved - in the logical model - with features such as security groups. This unless the Neutron API consumer explicitly wants to describe a topology where all the traffic is forced to flow through a specific logical appliance, but then we'll descend in the NFV/SFC/etc area.</div><div><br></div><div>Another thing to keep in mind is that routers can be used to this aim, but - as Anik correctly noted - this is an admin-only feature at the moment. Allowing router owners to interconnect other tenants' networks, leveraging concepts such as keystone groups, is something that should be a natural evolution of the RBAC work.</div><div>Still, this will leave us with a L3 interconnection, and not a direct L2 network-network connection.</div><div><br></div><div>Salvatore</div><div><div class="gmail_extra"><br><div class="gmail_quote">On 2 June 2015 at 18:58, Fawad Khaliq <span dir="ltr"><<a href="mailto:fawad@plumgrid.com" target="_blank">fawad@plumgrid.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Great!<div>A correction here: RBAC proposal does address some of the use cases on interconnecting tenants. <div class="gmail_extra"><br clear="all"><div><div><div dir="ltr">Fawad Khaliq<div><br></div></div></div></div>
<br><div class="gmail_quote">On Tue, Jun 2, 2015 at 9:41 PM, Anik <span dir="ltr"><<a href="mailto:anikm99@yahoo.com" target="_blank">anikm99@yahoo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="color:#000;background-color:#fff;font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:13px"><div dir="ltr"><span>That's exactly what I was asking for. Thanks Fawad.</span></div><div> </div><div><div>Regards,</div>  <div>Anik</div>  <div>201-245-1569</div></div><br><div>  </div><div style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:13px"><div> </div><div style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px"><div> <div dir="ltr"> <hr size="1">  <font face="Arial" size="2"> <b><span style="font-weight:bold">From:</span></b> Fawad Khaliq <<a href="mailto:fawad@plumgrid.com" target="_blank">fawad@plumgrid.com</a>><br> <b><span style="font-weight:bold">To:</span></b> OpenStack Development Mailing List (not for usage questions) <<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.org</a>> <br><b><span style="font-weight:bold">Cc:</span></b> Anik <<a href="mailto:anikm99@yahoo.com" target="_blank">anikm99@yahoo.com</a>> <br> <b><span style="font-weight:bold">Sent:</span></b> Tuesday, June 2, 2015 9:29 AM<br> <b><span style="font-weight:bold">Subject:</span></b> Re: [openstack-dev] Interconnecting projects<br> </font> </div></div><div><div class="h5"><div><div> <div><br><div><div><div dir="ltr"><div><br clear="none"><div>On Tue, Jun 2, 2015 at 9:14 PM, Assaf Muller <span dir="ltr"><<a rel="nofollow" shape="rect" href="mailto:amuller@redhat.com" target="_blank">amuller@redhat.com</a>></span> wrote:<br clear="none"><blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Check out:<br clear="none">
<a rel="nofollow" shape="rect" href="http://specs.openstack.org/openstack/neutron-specs/specs/liberty/rbac-networks.html" target="_blank">http://specs.openstack.org/openstack/neutron-specs/specs/liberty/rbac-networks.html</a></blockquote><div>If I understand correctly, what Anik is probably asking for is way to connect two OpenStack projects together from a network point of view, where a private network in Project1 can be connected to a Router in  Project2. AFAIK, I don't think we are planning to expose such model in RBAC where a tenant (non-admin) has a way control who can see/connect-to his/her resources.</div><div><br clear="none"></div><div>@Anik, please correct me if I am wrong. </div><blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br clear="none">
<br clear="none">
Kevin is trying to solve exactly this problem. We're really hoping to land it in<br clear="none">
time for Liberty.<br clear="none">
<br clear="none">
----- Original Message -----<br clear="none">
> Hi,<br clear="none">
><br clear="none">
> Trying to understand if somebody has come across the following scenario:<br clear="none">
><br clear="none">
> I have a two projects: Project 1 and Project 2<br clear="none">
><br clear="none">
> I have a neutron private network in Project 1, that I want to connect that<br clear="none">
> private network to a neutron port in Project 2.<br clear="none">
><br clear="none">
> This does not seem to be possible without using admin credentials. I am not<br clear="none">
> talking about a shared provider network here.<br clear="none">
><br clear="none">
> It seems that the problem lies in the fact that there is no data model today<br clear="none">
> that lets one Project have knowledge about any other Project inside the same<br clear="none">
> OpenStack region.<br clear="none">
><br clear="none">
> Any pointers there will be helpful.<br clear="none">
> Regards,<br clear="none">
> Anik<br clear="none">
> 201-245-1569<br clear="none">
><br clear="none">
> __________________________________________________________________________<br clear="none">
> OpenStack Development Mailing List (not for usage questions)<br clear="none">
> Unsubscribe: <a rel="nofollow" shape="rect" href="http://OpenStack-dev-request@lists.openstack.org/?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br clear="none">
> <a rel="nofollow" shape="rect" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><div><br><br></div><div><br clear="none">
><br clear="none">
<br clear="none">
__________________________________________________________________________<br clear="none">
OpenStack Development Mailing List (not for usage questions)<br clear="none">
Unsubscribe: <a rel="nofollow" shape="rect" href="http://OpenStack-dev-request@lists.openstack.org/?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br clear="none">
<a rel="nofollow" shape="rect" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br clear="none">
</div></blockquote></div><div><br clear="none"></div></div></div></div></div><br><br></div> </div></div></div></div></div> </div>  </div></div></blockquote></div><br></div></div></div>
<br>__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div></div></div>