nova team mailing list archive
Mailing list archive
Re: Network filtering for libvirt and for non-libvirt hypervisors
Dan Wendlandt <dan@xxxxxxxxxx>
Soren Hansen <soren@xxxxxxxxxx>
Sat, 25 Sep 2010 21:50:16 +0200
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:184.108.40.206) Gecko/20100915 Thunderbird/3.1.4
On 21-09-2010 01:13, Dan Wendlandt wrote:
>> I think it could make good sense to have an API call to create an
>> extra network with a self-chosen IP-range and have another API call
>> to add an interface connected to said network to VM's. This part of
>> the API would only be exposed if the network model had a way to
>> keep users' networks segregated.
> I agree with the concept of letting a tenant create one or more
> isolated networks. Where you envisioning that IP + MAC filtering
> would be a strict requirement for such networks as well? I would
> advocate that it is not.
No, for those networks, I wouldn't do any filtering at all. They can do
whatever they want there.
> But if a tenant gets one or more of their own isolated L2 networks,
> there are cases where it seems unnecessary and potentially cumbersome
> to require that the hypervisor be able to known all valid IPs a host
> may use.
Ubuntu Developer http://www.ubuntu.com/
OpenStack Developer http://www.openstack.org/