<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi all, <div>I'm trying to create an advanced architecture with Nova that uses several projects per user and multiple networks (one network per project).</div><div>The networks have their own VLAN: </div><div><div>id <span class="Apple-tab-span" style="white-space:pre"> </span>IPv4 <span class="Apple-tab-span" style="white-space:pre"> </span>IPv6 <span class="Apple-tab-span" style="white-space:pre"> </span>start address <span class="Apple-tab-span" style="white-space:pre"> </span>DNS1 <span class="Apple-tab-span" style="white-space:pre"> </span>DNS2 <span class="Apple-tab-span" style="white-space:pre"> </span>VlanID <span class="Apple-tab-span" style="white-space:pre"> </span>project <span class="Apple-tab-span" style="white-space:pre"> </span>uuid </div><div>12 <span class="Apple-tab-span" style="white-space:pre"> </span>192.168.2.0/24 <span class="Apple-tab-span" style="white-space:pre"> </span>None <span class="Apple-tab-span" style="white-space:pre"> </span>192.168.2.3 <span class="Apple-tab-span" style="white-space:pre"> </span>None <span class="Apple-tab-span" style="white-space:pre"> </span>None <span class="Apple-tab-span" style="white-space:pre"> </span>100 <span class="Apple-tab-span" style="white-space:pre"> </span>first_project <span class="Apple-tab-span" style="white-space:pre"> </span>None </div><div>13 <span class="Apple-tab-span" style="white-space:pre"> </span>192.168.3.0/27 <span class="Apple-tab-span" style="white-space:pre"> </span>None <span class="Apple-tab-span" style="white-space:pre"> </span>192.168.3.3 <span class="Apple-tab-span" style="white-space:pre"> </span>None <span class="Apple-tab-span" style="white-space:pre"> </span>None <span class="Apple-tab-span" style="white-space:pre"> </span>50 <span class="Apple-tab-span" style="white-space:pre"> </span>another_project<span class="Apple-tab-span" 
style="white-space:pre"> </span>None </div></div><div><br></div><div>It looks like the first project runs well (created instances have connectivity and can be reached), while the instances created via the second project are unreachable.</div><div>Both have the right SG rules, and both networks create the right VLANs: </div><div><br></div><div><b># /proc/net/vlan/config</b></div><div><div>VLAN Dev name<span class="Apple-tab-span" style="white-space:pre"> </span> | VLAN ID</div><div>Name-Type: VLAN_NAME_TYPE_PLUS_VID_NO_PAD</div><div>vlan100 | 100 | eth0</div><div>vlan50 | 50 | eth0</div></div><div><br></div><div><div><b># brctl show</b></div><div>br100<span class="Apple-tab-span" style="white-space:pre"> </span>8000.02163e137a78<span class="Apple-tab-span" style="white-space:pre"> </span>no<span class="Apple-tab-span" style="white-space:pre"> </span>vlan100</div><div>br50<span class="Apple-tab-span" style="white-space:pre"> </span>8000.02163e447ed8<span class="Apple-tab-span" style="white-space:pre"> </span>no<span class="Apple-tab-span" style="white-space:pre"> </span>vlan50</div></div><div><br></div><div><div><b># ip route sh</b></div><div>192.168.3.0/27 dev br50 proto kernel scope link src 192.168.3.1 </div><div>192.168.2.0/24 dev br100 proto kernel scope link src 192.168.2.1 </div></div><div><br></div><div><br></div><div>- Can I have several VLANs per physical interface?</div><div>- Do I need to create a new project every time, or can I create all my networks and link them to the same project, but be able to specify which network to use every time I spawn a new instance?</div><div>- Is it possible to allow some communication between the VLANs (for instance, hosts in VLAN 50 should only be able to contact hosts in VLAN 100 on port 443)? Can the security groups manage per-VLAN rules?</div><div><br></div><div>Thanks, I'm a bit desperate here :)</div><div><br></div><div><br></div><div><br></div></body></html>