Hi all,
I'm trying to create an advanced architecture with Nova that uses several
projects per user and multiple networks (one network per project).
The networks have their own VLAN:
id  IPv4            IPv6  start address  DNS1  DNS2  VlanID  project          uuid
12  192.168.2.0/24  None  192.168.2.3    None  None  100     first_project    None
13  192.168.3.0/27  None  192.168.3.3    None  None  50      another_project  None

It looks like the first project runs well (created instances have
connectivity and can be reached), while the instances created via the second
project are unreachable.
Both have the right SG rules, and both networks create the right VLANs:

# /proc/net/vlan/config
VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_PLUS_VID_NO_PAD
vlan100        | 100  | eth0
vlan50         | 50  | eth0

# brctl show
br100           8000.02163e137a78       no              vlan100
br50            8000.02163e447ed8       no              vlan50

# ip route sh
192.168.3.0/27 dev br50  proto kernel  scope link  src 192.168.3.1 
192.168.2.0/24 dev br100  proto kernel  scope link  src 192.168.2.1 


- Can I have several VLANs per physical interface?
- Do I need to create a new project every time, or can I create all my networks
and link them to the same project, but be able to specify which network to use
every time I spawn a new instance?
- Is it possible to allow some communication between the VLANs (for instance,
hosts in VLAN 50 should only be able to contact hosts in VLAN 100 on
port 443)? Can the security groups manage per-VLAN rules?

Thanks, I'm a bit desperate here :)



_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
