Need information

Sean Mooney smooney at redhat.com
Thu Jul 22 16:04:00 UTC 2021


On Thu, 2021-07-22 at 21:20 +0530, Gk Gk wrote:
> Hi,
> 
> I want to know if tenant isolation and overlapping IPs are possible in the
> case of provider VLAN networks? If not, how is it different when compared
> to tenant networks of type VLAN where tenant isolation is possible?
For VLAN tenant networks you can have overlapping IPs and tenant isolation.

For provider networks, however, all routing between networks is provided by your provider routers, so
you as the operator have to implement that routing in such a way that supports both of your requirements.

> Please explain.  I am confused between the two regarding their tenant
> isolation and overlapping ips features.
Neutron supports both for VLAN tenant networks, provided you do not violate Neutron's requirement that physnets never overlap.

E.g. if you have 2 ports on a physical host attached to physnet 1 and physnet 2, you must ensure that they are physically
connected to different top-of-rack switches and physical networks in the datacenter.

If you violate this requirement then you can have two tenant networks with the same segmentation ID but different physnets.

From Neutron's point of view they are isolated, but if you have multiple physnet labels for the same physical network in your datacenter
then tenant isolation will be broken.

Some operators try to use physnets as a hack, for example to select NUMA nodes on a host when using SR-IOV, where they intentionally violate
the requirement that physical networks must never share an L2 broadcast domain, but when they do that they are giving up the ability to do
tenant isolation.
> 
> 
> Thanks
> Kumar
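
Added example (not part of the original message and not Neutron code): a small audit for the failure mode described above, where two physnet labels point at the same physical L2 network and two VLAN networks with the same segmentation ID end up on one wire. The physnet-to-fabric inventory, the fabric names and the sample networks are constructed assumptions; only the `provider:*` attribute names are Neutron's.

```python
from collections import defaultdict

# Operator-maintained inventory (assumption; Neutron cannot know this):
# the physical L2 fabric each physnet label is really cabled to.
PHYSNET_TO_FABRIC = {
    "physnet1": "tor-a",
    "physnet2": "tor-b",
    "physnet_numa0": "tor-c",  # two labels, one fabric: the SR-IOV NUMA hack
    "physnet_numa1": "tor-c",
}

def net(name, project, ntype, physnet, seg):
    """Build a constructed record using Neutron's provider attribute names."""
    return {"name": name, "project_id": project, "provider:network_type": ntype,
            "provider:physical_network": physnet, "provider:segmentation_id": seg}

# Constructed sample data, not taken from a real deployment.
NETWORKS = [
    net("tenant-a-net", "proj-a", "vlan", "physnet_numa0", 100),
    net("tenant-b-net", "proj-b", "vlan", "physnet_numa1", 100),
    net("tenant-c-net", "proj-c", "vlan", "physnet1", 100),
    net("tenant-d-net", "proj-d", "vxlan", None, 100),
]

def overlapping_physnets(physnet_to_fabric):
    """Fabrics that are reachable under more than one physnet label."""
    labels = defaultdict(set)
    for physnet, fabric in physnet_to_fabric.items():
        labels[fabric].add(physnet)
    return {f: sorted(p) for f, p in labels.items() if len(p) > 1}

def vlan_collisions(networks, physnet_to_fabric):
    """(fabric, vlan_id, network names) where networks that Neutron keeps
    apart by physnet label carry the same VLAN ID on the same wire."""
    on_wire = defaultdict(list)
    for n in networks:
        if n["provider:network_type"] != "vlan":
            continue  # overlay networks are not VLAN-tagged on a physnet
        physnet = n["provider:physical_network"]
        fabric = physnet_to_fabric.get(physnet, physnet)  # unknown label: own fabric
        on_wire[(fabric, n["provider:segmentation_id"])].append(n)
    return [(fabric, vlan, sorted(n["name"] for n in nets))
            for (fabric, vlan), nets in sorted(on_wire.items())
            if len({n["provider:physical_network"] for n in nets}) > 1]

if __name__ == "__main__":
    print("physnet labels sharing a fabric:", overlapping_physnets(PHYSNET_TO_FABRIC))
    for fabric, vlan, names in vlan_collisions(NETWORKS, PHYSNET_TO_FABRIC):
        print(f"VLAN {vlan} on {fabric} is shared by {names}")
```

Networks on physnet1 with the same VLAN ID are not reported, because that label maps to its own fabric.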





More information about the openstack-discuss mailing list