On 18/04/13 6:29 AM, "Chip Childers" <[email protected]> wrote:
>On Wed, Apr 17, 2013 at 05:49:23PM -0700, Sheng Yang wrote:
>> In fact that's the requirement for this design. We need this very strict
>> restriction to implement isolation for the VMs. PVLAN is the way we used to
>> approach this requirement.
>
>As a user, the whole point of this type of network is to support a "backend"
>management / monitoring network that can be connected to VMs regardless
>of the user of the VM.

I see. I get the use-case of using 'secondary isolated VLAN' for backup/management this proposal is targeting.

> Using a VLAN per tenant isn't actually enough
>even, when you consider the N-Tier apps feature. If a user has 3
>"tiers" using traditional VLAN isolation, you are basically tied to a
>model of 2 VLANs per tier, burning through VLANs much faster than
>necessary. PVLANs (and the equiv via OVS flows) are the normal way to
>accomplish this in a traditional hosting environment.

Not sure I understand your point here. My question was about use-case of 'secondary community VLAN' as VLAN alternative for tenant isolation, if that can solve 4096 limitation. Maybe PVLAN is not adopted/considered as isolation solution, compared to say VXLAN/NVGRE/STT. So use-case itself may not be that value. Nevertheless, good add to CloudStack networking, +1 for the proposal.
