Hello,

We have been slowly migrating our various customer VMs to ACS configured with Advanced Networking (without Security Group enabled) configured with multiple KVM and XCP-ng clusters with great success. After experimenting with OpenNebula and OpenStack for most of last year, we are impressed with ACS.

In addition to our traditional enterprise customers, we also have education institutions using our infrastructure for classes and training. What would be the best way to support a domain with 200+ accounts with their respective isolated networks and some shared networks in ACS? We can assign new hosts, external gateways, VLAN, VXLAN, etc., but one public IPv4 per account would be undesirable. With our current knowledge, the out-of-the-box networking scalability seems to be a limiting factor for us.

We have been experimenting with different permutations for a few weeks. We've also tried using hardware routers for gateway and VPN termination. As such, we dedicated a router for VPNs with 200 predefined VLANs and subnets. 200 L2 networks are then defined with each VLAN ID and assigned to an account as their "isolated" network (with Source NAT). A domain shared network is also defined for intra-account communication. However, only the root admin can do the network definition and association to the account. Ideally, the use case would be for the domain admin to define and assign or the account to create the "isolated" network.

We could always deploy a new zone with a different networking configuration if it would help. Any suggestion would be appreciated.

Regards,
Antoine
