<div dir="ltr"><div style>Hello,</div><div style><br></div><div style><br></div>I have just installed Folsom in a physical server, and the tenants can also ping and ssh into each others instances. <div>I think there is something wrong with my setup.</div>
<div><br></div><div>Below I provide some info from the deployment.</div><div>Any tip will be very much appreciated.</div><div><br></div><div>Thanks.</div><div>Roni<br><div><br></div><div><br></div><div><div>nova-manage network list</div>
<div>id <span class="" style="white-space:pre"> </span>IPv4 <span class="" style="white-space:pre"> </span>IPv6 <span class="" style="white-space:pre"> </span>start address <span class="" style="white-space:pre"> </span>DNS1 <span class="" style="white-space:pre"> </span>DNS2 <span class="" style="white-space:pre"> </span>VlanID <span class="" style="white-space:pre"> </span>project <span class="" style="white-space:pre"> </span>uuid </div>
<div>1 <span class="" style="white-space:pre"> </span><a href="http://10.0.0.0/24">10.0.0.0/24</a> <span class="" style="white-space:pre"> </span>None <span class="" style="white-space:pre"> </span>10.0.0.3 <span class="" style="white-space:pre"> </span>None <span class="" style="white-space:pre"> </span>None <span class="" style="white-space:pre"> </span>100 <span class="" style="white-space:pre"> </span>c0561ee64e6c40b2aea3bdcf47916f18<span class="" style="white-space:pre"> </span>c417baf7-f989-49d9-973d-f6f2b51a2d5c</div>
<div>2 <span class="" style="white-space:pre"> </span><a href="http://10.0.1.0/24">10.0.1.0/24</a> <span class="" style="white-space:pre"> </span>None <span class="" style="white-space:pre"> </span>10.0.1.3 <span class="" style="white-space:pre"> </span>None <span class="" style="white-space:pre"> </span>None <span class="" style="white-space:pre"> </span>101 <span class="" style="white-space:pre"> </span>36ae086d927f49039cedfcb046463876<span class="" style="white-space:pre"> </span>4bff308a-7990-46a4-952b-772d4953cb10</div>
</div><div><br></div><div><br></div><div>--</div><div><br></div><div><div>brctl show</div><div><br></div><div>bridge name<span class="" style="white-space:pre"> </span>bridge id<span class="" style="white-space:pre"> </span>STP enabled<span class="" style="white-space:pre"> </span>interfaces</div>
<div>br100<span class="" style="white-space:pre"> </span>8000.fa163e7b7397<span class="" style="white-space:pre"> </span>no<span class="" style="white-space:pre"> </span>vlan100</div><div><span class="" style="white-space:pre"> </span>vnet0</div>
<div>br101<span class="" style="white-space:pre"> </span>8000.fa163e7baec0<span class="" style="white-space:pre"> </span>no<span class="" style="white-space:pre"> </span>vlan101</div><div><span class="" style="white-space:pre"> </span>vnet1</div>
</div><div><br></div><div>-------</div><div><br></div><div><div>br100 Link encap:Ethernet HWaddr fa:16:3e:7b:73:97 </div><div> inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0</div><div> inet6 addr: fe80::b016:8dff:fefa:43db/64 Scope:Link</div>
<div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div><div> RX packets:531 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:803 errors:0 dropped:0 overruns:0 carrier:0</div><div>
collisions:0 txqueuelen:0 </div><div> RX bytes:66890 (66.8 KB) TX bytes:90421 (90.4 KB)</div><div><br></div><div>br101 Link encap:Ethernet HWaddr fa:16:3e:7b:ae:c0 </div><div> inet addr:10.0.1.1 Bcast:10.0.1.255 Mask:255.255.255.0</div>
<div> inet6 addr: fe80::c41:bbff:fed4:354b/64 Scope:Link</div><div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div><div> RX packets:422 errors:0 dropped:0 overruns:0 frame:0</div><div>
TX packets:574 errors:0 dropped:0 overruns:0 carrier:0</div>
<div> collisions:0 txqueuelen:0 </div><div> RX bytes:65212 (65.2 KB) TX bytes:69840 (69.8 KB)</div><div><br></div><div>dummy0 Link encap:Ethernet HWaddr 02:dc:e1:5c:aa:5e </div><div> inet6 addr: fe80::dc:e1ff:fe5c:aa5e/64 Scope:Link</div>
<div> UP BROADCAST RUNNING NOARP MTU:1500 Metric:1</div><div> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:169 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:0 </div>
<div> RX bytes:0 (0.0 B) TX bytes:23932 (23.9 KB)</div><div><br></div><div>dummy1 Link encap:Ethernet HWaddr 72:2d:2b:59:a2:d1 </div><div> BROADCAST NOARP MTU:1500 Metric:1</div><div> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</div>
<div> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:0 </div><div> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)</div><div><br></div><div>dummy2 Link encap:Ethernet HWaddr 72:6f:28:d7:e8:cd </div>
<div> BROADCAST NOARP MTU:1500 Metric:1</div><div> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:0 </div>
<div> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)</div><div><br></div><div>eth0 Link encap:Ethernet HWaddr 00:1a:92:08:1f:47 </div><div> inet addr:10.100.200.126 Bcast:10.100.200.255 Mask:255.255.255.0</div>
<div> inet6 addr: fe80::21a:92ff:fe08:1f47/64 Scope:Link</div><div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div><div> RX packets:210280 errors:1 dropped:0 overruns:0 frame:1</div><div>
TX packets:20752 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:1000 </div><div> RX bytes:310541700 (310.5 MB) TX bytes:1983489 (1.9 MB)</div><div><br></div><div>lo Link encap:Local Loopback </div>
<div> inet addr:127.0.0.1 Mask:255.0.0.0</div><div> inet6 addr: ::1/128 Scope:Host</div><div> UP LOOPBACK RUNNING MTU:16436 Metric:1</div><div> RX packets:91449 errors:0 dropped:0 overruns:0 frame:0</div>
<div> TX packets:91449 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:0 </div><div> RX bytes:600766448 (600.7 MB) TX bytes:600766448 (600.7 MB)</div><div><br></div>
<div>
vlan100 Link encap:Ethernet HWaddr fa:16:3e:7b:73:97 </div><div> inet6 addr: fe80::f816:3eff:fe7b:7397/64 Scope:Link</div><div> UP BROADCAST RUNNING NOARP MTU:1500 Metric:1</div><div> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</div>
<div> TX packets:71 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:0 </div><div> RX bytes:0 (0.0 B) TX bytes:11025 (11.0 KB)</div><div><br></div><div>vlan101 Link encap:Ethernet HWaddr fa:16:3e:7b:ae:c0 </div>
<div> inet6 addr: fe80::f816:3eff:fe7b:aec0/64 Scope:Link</div><div> UP BROADCAST RUNNING NOARP MTU:1500 Metric:1</div><div> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:95 errors:0 dropped:0 overruns:0 carrier:0</div>
<div> collisions:0 txqueuelen:0 </div><div> RX bytes:0 (0.0 B) TX bytes:12033 (12.0 KB)</div><div><br></div><div>vnet0 Link encap:Ethernet HWaddr fe:16:3e:7b:0b:14 </div><div> inet6 addr: fe80::fc16:3eff:fe7b:b14/64 Scope:Link</div>
<div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div><div> RX packets:531 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:764 errors:0 dropped:0 overruns:0 carrier:0</div><div>
collisions:0 txqueuelen:500 </div><div> RX bytes:74324 (74.3 KB) TX bytes:84372 (84.3 KB)</div><div><br></div><div>vnet1 Link encap:Ethernet HWaddr fe:16:3e:5c:99:18 </div><div> inet6 addr: fe80::fc16:3eff:fe5c:9918/64 Scope:Link</div>
<div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div><div> RX packets:422 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:520 errors:0 dropped:0 overruns:0 carrier:0</div><div>
collisions:0 txqueuelen:500 </div><div> RX bytes:71120 (71.1 KB) TX bytes:63161 (63.1 KB)</div><div><br></div><div>wlan0 Link encap:Ethernet HWaddr 00:24:01:12:c8:6b </div><div> BROADCAST MULTICAST MTU:1500 Metric:1</div>
<div> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:1000 </div><div> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)</div>
</div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 21 January 2013 11:15, Kevin Jackson <span dir="ltr"><<a href="mailto:kevin@linuxservices.co.uk" target="_blank">kevin@linuxservices.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Hi Roni,<br></div>VirtualBox should honour the VLAN tagging, but it seems its related to the driver type used: e1000 strips the VLAN tag it seems. I don't recall having this issue, but if I get time I'll be happy to spin an environment up and have a play.<br>
<br></div>See this post: <a href="http://humbledown.org/virtualbox-intel-vlan-tag-stripping.xhtml" target="_blank">http://humbledown.org/virtualbox-intel-vlan-tag-stripping.xhtml</a><br><div><br>Regards,<br>Kev<br></div>
</div><div class="gmail_extra">
<br><br><div class="gmail_quote"><div><div class="h5">On 20 January 2013 15:32, Ronivon Costa <span dir="ltr"><<a href="mailto:ronivon.costa@gmail.com" target="_blank">ronivon.costa@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
<div dir="ltr">Hello,<div><br></div><div>I am playing with Openstack and VlanManager in a Virtualbox machine. Is it tenant isolation supposed to work in this setup?</div><div><br></div><div>I have several tenants, and the instances for them have landed on different subnets (11.0.1.x, 11.0.2.x, 11.0.3.x, etc).</div>
<div><br></div><div>It is possible to ping and ssh other tenant instances from any tenant! </div><div><br></div><div>Is this the correct behaviour for a virtualized deployement ?</div><div><br>
</div><div>Cheers,</div><div>Roni</div><div><br></div></div>
<br></div></div>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><br>-- <br>Kevin Jackson<br>@itarchitectkev
</font></span></div>
</blockquote></div><br></div>