Hi Vish,
You are right, it was a misunderstanding.
In fact, during in the period of time between my email and you answer, I
managed to setup a test environment to capture packets using tcpdump, and
could verify in loco the tenant isolation at L2.
PS: I have carried out this verification in a
Hello,
I have just installed Folsom in a physical server, and the tenants can also
ping and ssh into each others instances.
I think there is something wrong with my setup.
Below I provide some info from the deployment.
Any tip will be very much appreciated.
Thanks.
Roni
nova-manage network
There is nothing wrong with your setup. L3 routing is done by the network node.
L3 is already blocked by security groups. The vlans provide L2 isolation.
Essentially we handle this with convention, as in tell your tenants not to open
up their firewalls if they don't want to be accessed by other
Hi Roni,
VirtualBox should honour the VLAN tagging, but it seems its related to the
driver type used: e1000 strips the VLAN tag it seems. I don't recall
having this issue, but if I get time I'll be happy to spin an environment
up and have a play.
See this post:
Hello,
I am playing with Openstack and VlanManager in a Virtualbox machine. Is it
tenant isolation supposed to work in this setup?
I have several tenants, and the instances for them have landed on different
subnets (11.0.1.x, 11.0.2.x, 11.0.3.x, etc).
It is possible to ping and ssh other tenant
5 matches
Mail list logo
