Hi, This is something that we potentially could implement during the implementation of the isolated-network bp [1] Basically, on an isolated network, an ARP responder will respond to ARP request. For an L2 network which is totally isolated, ARP responder will only respond to arp-request of the gateway, other broadcast requests will be dropped (except for DHCP requests)
We could enhance this feature to populate the arp-responder so that if tenant A and tenant B wants to be able to communicate on this shared and isolated network, ARP responder for the VM of tenant A will be populated with Mac address of VM of the Tenant B, and vice versa. [1] https://blueprints.launchpad.net/neutron/+spec/isolated-network On Fri, Jan 10, 2014 at 10:00 PM, Jay Pipes <[email protected]> wrote: > On Fri, 2014-01-10 at 17:06 +0000, CARVER, PAUL wrote: >> If anyone is giving any thought to networks that are available to >> multiple tenants (controlled by a configurable list of tenants) but >> not visible to all tenants I’d like to hear about it. >> >> I’m especially thinking of scenarios where specific networks exist >> outside of OpenStack and have specific purposes and rules for who can >> deploy servers on them. We’d like to enable the use of OpenStack to >> deploy to these sorts of networks but we can’t do that with the >> current “shared or not shared” binary choice. > > Hi Paul :) Please see here: > > https://www.mail-archive.com/[email protected]/msg07268.html > > for a similar discussion. > > best, > -jay > > > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
