Sorry for this not threading properly. I had set the Mailman config to filter 
on Neutron topic but it ended up filtering out everything so I only saw 
responses by looking at the archive. I removed the filter in Mailman and will 
have to filter locally on my end. But I don't have any of the original emails 
from the list to respond to in thread.

Anyway, Mathieu Rohon's response was interesting but not the same notion I was 
thinking of. I'm not talking about what various switch vendors call "private 
VLAN", meaning a layer two segment where any to any connectivity is 
deliberately prohibited. That's a useful concept, just not the use case I had 
in mind.

Jay's point about dealing appropriately with overlapping subnets is also 
important in the general case but I had a simpler use case in mind. 
Specifically, I was assuming (although I may not have said so) that the 
networks would be configured by an admin to be available to multiple tenants. I 
hadn't thought of the notion of a tenant making one of their networks available 
to another tenant.

The particular use case I have in mind concerns networks that could technically 
be created as admin and marked as shared and thus have only whatever network 
namespace considerations that apply to shared networks. The desire to make them 
"partially shared" has more to do with the UI (either Horizon or API access) 
not showing them to tenants who are not on the approved list and not permitting 
tenants who are not on the list to attach instances to them.

This is basically like the door list at a club. If you're not on the list you 
can't get into the club. But if you're on the list, once you're inside the club 
it's not really any different from a less exclusive club other than the fact 
that everybody inside was "on the list".

Paul Carver

OpenStack-dev mailing list

Reply via email to