Thank you both very much for your answers. I think the ExternalGuestNetworkGuru will be best received on my side, so I will do some more research on that.
Thanks... On Mon, Mar 18, 2013 at 2:46 AM, Murali Reddy <murali.re...@citrix.com>wrote: > On 16/03/13 1:46 AM, "Will Stevens" <wstev...@cloudops.com> wrote: > > > >1. Restrict the available subnets for each account so two accounts can't > >create overlapping subnets. > >To me, this breaks the whole concept of cloud, but for enterprise > >customers > >this is not a huge limitation because they usually solve this problem this > >way. > > > >2. Run multiple Palo Alto VM firewalls and associate one VM firewall per > >account. > >The management overhead of this is crazy, so this type of implementation > >would be very hard to work with. > > > >Since I do not like either of these approaches, I wanted to see if I could > >get some feedback on this. Are there other alternatives that would solve > >the problem more elegantly that I have not mentioned? What would be the > >best way to solve this problem in a 'CloudStack way'? > > Unfortunately vendor appliacnces CloudStack support, does not have > multi-tenancy yet. 'CloudStack way' has been both #1 and #2 to work around > this. > > Please see [1], so 'external guest network' Guru designs the network such > that no two guest networks in a zone using external network device has > overlapping Cidr's. You may use 'external guest network' guru or extend it > ensure automatically generated non-overlapping CIDR's for guest network. > > Also CloudStack already supports notion of multiple provider instances per > physical network. Using which for load balancer devices there is generic > management piece of code to allocate a dedicated (per tenant) or shared > load balancer from a pool of admin provisioned load balancers [2]. See if > this helps if you intend to support pool of firewall VM's. > > [1] server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java > [2] server/src/com/cloud/network/ExternalLoadBalancerDeviceManagerImpl.java > > -Murali > > > > > >Any feedback on this would be appreciated. > > > >Cheers, > > > >Will > > > > >
