[Openstack-operators] Networking architecture question: communication between tenants

Fox, Kevin M Kevin.Fox at pnnl.gov
Mon Nov 3 15:20:11 UTC 2014


We have 2 public networks, one for the internet and one public nonroutable one. Then we use per-tenant private networks and two routers per tenant, one on each net. Then default the internet one, and the internet router config provides an extra route to the nonroutable net router. This has worked well in production for 6 months with Icehouse.

Thanks,
Kevin

________________________________
From: Emrah Aslan
Sent: Monday, November 03, 2014 1:44:34 AM
To: Michaël Van de Borne; openstack-operators
Subject: Re: [Openstack-operators] Networking architecture question: communication between tenants

Hi all,

I've checked but couldn't find an exact solution - somehow cannot troubleshoot, caused by lack of 3rd party troubleshooting sw. Cloud-wide Galera cluster has lots of bugs for sure.

Has anyone tried the AWS Amazon tier2 services? We are having exactly the same problem within the AWS cloud services.

Kind Regards

Emrah ASLAN
Cisco/Citrix System Engineer



www.logicom.com.tr
Noramin İş Merkezi  | No: 237 /114 | 34398 Maslak ,İstanbul ,TR

T: +90 212 2762720  | D: +90 850 2215821  | M: +90 533 2853803  | F: +90 212 2762750




-----Original Message-----
From: Michaël Van de Borne [mailto:michael.vandeborne at cetic.be]
Sent: Monday, November 03, 2014 11:25 AM
To: openstack-operators
Subject: [Openstack-operators] Networking architecture question: communication between tenants

Hello,

I'm building a private cloud in which I'd like Application Server instances from separate tenants to access the same unique cloud-wide Galera cluster (which would have its own tenant).

I'm wondering what the best network topology would be to achieve this.
The constraint is that tenant A Application Server instances should not see Tenant B App Servers.
- Should I go with a per-tenant router topology, and assign 2 NICs to App Server instances: first one in their tenant network, second one in Galera cluster tenant? Is that possible?
- Should I go with one router for all tenants?
- Should the Galera cluster only be accessed from its floating IPs in order to avoid all communication between tenants?

Am I missing something?

Your architectural thoughts are welcome.

thank you,

cheers,

michaël

--
Michaël Van de Borne
R&D Engineer, SOA team, CETIC
Phone: +32 (0)71 49 07 45, Mobile: +32 (0)472 69 57 16, Skype: mikemowgli
www.cetic.be, rue des Frères Wright, 29/3, B-6041 Charleroi


_______________________________________________
OpenStack-operators mailing list
OpenStack-operators at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators