[Openstack] multiple floating ip pools
Vishvananda Ishaya
vishvananda at gmail.com
Fri Mar 30 18:18:37 UTC 2012
Floating ip pools allow you to specify a different ip range and bind interface for sets of ips, so it will work for segregation purposes.
There isn't policy acl on which pool the ip comes from but it could be added. The policy wrapping in the network layer is very basic right now. The underlying objects aren't passed in so we can't set policies based on (for example) pool name. If/when the policy wrapping is improved to include more information that is a possibility.
Vish
On Mar 30, 2012, at 6:23 AM, Kevin Jackson wrote:
> I'm also interested in providing multiple floating IP pools. Is this something that is achievable or conceived?
>
> My use case is as follows:
>
> Each tenant gets its own private VLAN and address space, so intercommunication between each tenant is able to be segregated.
> On assignment of public floating IPs though this segregation breaks down.
>
> To put this into context, I'd like to be able to have, say, a "Production" tenant and a "Development" tenant. Inter-communication between the two should be prohibited.
> As soon as I assign a floating IP address, this model breaks down.
>
> I noticed that nova-manage floating create has a ' --pool=<pool> Optional pool ' option. How is this used? Does this help solve my problem?
>
> Cheers,
>
> Kev
>
>
> On 6 February 2012 18:46, Xu (Simon) Chen <xchenum at gmail.com> wrote:
> Hi all,
>
> I am running devstack and got a dev instance of OpenStack running.
>
> I am happy to see the concept of multiple floating IP pools, and the per-floating-ip interface in the trunk, which I consider a very good basis for my blueprint proposal here:
> https://blueprints.launchpad.net/nova/+spec/multi-network-without-multi-nic
>
> I have a quick question. Is there a plan (or maybe it's already there) for access control whether a project is allowed to take floating IPs from a pool?
>
> Thanks!
> -Simon
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
>
>
> --
> Kevin Jackson
> @itarchitectkev
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120330/cea9b740/attachment.html>
More information about the Openstack
mailing list