On Wed, Apr 17, 2013 at 05:49:23PM -0700, Sheng Yang wrote:
> In fact that's the requirement for this design. We need this very strict
> restriction to implement isolation for the VMs. PVLAN is the way we used to
> approach this requirement.

As a user, the whole point of this type of network is to support a "backend" management / monitoring network that can be connected to VMs regardless of the user of the VM.

Using a VLAN per tenant isn't actually enough even, when you consider the N-Tier apps feature. If a user has 3 "tiers" using traditional VLAN isolation, you are basically tied to a model of 2 VLANs per tier, burning through VLANs much faster than necessary. PVLANs (and the equiv via OVS flows) are the normal way to accomplish this in a traditional hosting environment.

Sheng - +1 to this feature and the FS. Nice work, and from someone who will use it, glad to see it being worked on!

-chip
