Wido, I suppose it's a nice solution as shorthand workaround. But in the long-term perspective, I believe all stuff related to (SO, network) must be reimplemented.
Cases - A SO may have different bandwidth limitation for different networks; - Your case with SGs: for certain networks, SGs may be excessive. I think that we need improving SO definition with some kind of allocation rules which combine (SG: Boolean, Bandwidth: Long, NetworkOffering), so, every SO, when being used with VM and a certain network of NetworkOffering must apply the rule which defines SG facility and bandwidth. пт, 7 дек. 2018 г. в 07:49, Wido den Hollander <w...@widodh.nl>: > Hi, > > I'm looking into this setup: > > Advanced zone with VXLAN > > - Guest Network 1: Network Offering with SG > - Guest Network 2: Network Offering WITHOUT SG > > This doesn't work as the zone has SG enabled and thus all guest networks > require SG. > > I wonder why each Guest Networks needs to have SG enabled. For KVM for > example it shouldn't be a technical requirement. As VXLAN (or even > VLANs) provide the isolation between different networks you should be > able to have one network with SG and the other without SG. > > Does anybody know why each Guest network needs SG? > > Now, I was thinking about creating 'DummySecurityGroupProvider' which > says 'true' to everything you ask it, but in reality doesn't do > anything. This way you could use that provider in a network offering and > work around this. > > Would that make sense to people? > > Wido > -- With best regards, Ivan Kudryavtsev Bitworks LLC Cell RU: +7-923-414-1515 Cell USA: +1-201-257-1512 WWW: http://bitworks.software/ <http://bw-sw.com/>
