[Openstack-operators] Networking architecture question: communication between tenants

Michaël Van de Borne michael.vandeborne at cetic.be
Mon Nov 3 09:25:07 UTC 2014


Hello,

I'm building a private cloud in which I'd like Application Server 
instances from separate tenants to access the same unique cloud-wide 
Galera cluster (which would have its own tenant).

I'm wondering what the best network topology would be to achieve this. 
The constraint is that Tenant A Application Server instances should not 
see Tenant B App Servers.
- Should I go with a per-tenant router topology and assign 2 NICs to 
App Server instances: the first one in their tenant network, the second one in 
the Galera cluster tenant? Is that possible?
- Should I go with one router for all tenants?
- Should the Galera cluster only be accessed from its floating IPs in 
order to avoid all communication between tenants?

Am I missing something?

Your architectural thoughts are welcome.

Thank you,

Cheers,

Michaël

-- 
Michaël Van de Borne
R&D Engineer, SOA team, CETIC
Phone: +32 (0)71 49 07 45 Mobile: +32 (0)472 69 57 16, Skype: mikemowgli
www.cetic.be, rue des Frères Wright, 29/3, B-6041 Charleroi



