[Openstack] inter-tenant and VM-to-bare-metal communication policies/restrictions.
Lorin Hochstein
lorin at nimbisservices.com
Wed Aug 15 02:16:45 UTC 2012
On Jul 5, 2012, at 11:47 AM, Christian Parpart <trapni at gmail.com> wrote:
> Hi all,
>
> I am running multiple compute nodes and a single nova-network node, that is to act
> as a central gateway for the tenant's VMs.
>
> However, since this nova-network node (of course) knows all routes, every VM of
> any tenant can talk to each other, including to the physical nodes, which
> I highly disagree with and would like to restrict. :-)
>
If you add this to nova.conf:

    allow_same_net_traffic=false

It should prevent the VMs from communicating with each other. From
http://docs.openstack.org/essex/openstack-compute/admin/content/compute-options-reference.html#d6e3133
Take care,
Lorin
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com