[Openstack] vm isolation in same tenant network

Marco Mariani marco.mariani at alterway.fr
Wed Jul 8 09:28:35 UTC 2015


2015-07-07 23:46 GMT+02:00 Salvatore Orlando <sorlando at nicira.com>:

Even if VMs are in the same logical network, it should be possible to do
> isolation associating them with different security groups, in your case N
> security groups.
> For instance if VM1 and VM2 are associated respectively with security
> group SG1 and SG2, and this security group only have the default rules plus
> one for enabling connectivity with VM0, VM1 should not reach VM2. If this
> happens something is not quite right.
>

Indeed, I found my mistake.
I had left the "default" group - which does not only contain the default
egress rules, but also "Ingress / IPv4 / Any / default".

Without that, I don't even need separate groups but can assign the same one
to all the VMs, and that's great!

Thanks again to you and Kevin
Marco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150708/3d94196a/attachment.html>


More information about the Openstack mailing list