nova team mailing list archive
Message #00252
Re: Network filtering for libvirt and for non-libvirt hypervisors
To: Dan Wendlandt <dan@xxxxxxxxxx>
From: Soren Hansen <soren@xxxxxxxxxx>
Date: Sat, 25 Sep 2010 21:50:16 +0200
Cc: nova <nova@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <AANLkTi=Zhb77uTTbgWFWK_PV=HLOcPCjWF40QFE8YfU=@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Thunderbird/3.1.4
On 21-09-2010 01:13, Dan Wendlandt wrote:
>> I think it could make good sense to have an API call to create an
>> extra network with a self-chosen IP-range and have another API call
>> to add an interface connected to said network to VMs. This part of
>> the API would only be exposed if the network model had a way to
>> keep users' networks segregated.
> I agree with the concept of letting a tenant create one or more
> isolated networks. Were you envisioning that IP + MAC filtering
> would be a strict requirement for such networks as well? I would
> advocate that it is not.
No, for those networks, I wouldn't do any filtering at all. They can do
whatever they want there.
> But if a tenant gets one or more of their own isolated L2 networks,
> there are cases where it seems unnecessary and potentially cumbersome
> to require that the hypervisor be able to know all valid IPs a host
> may use.
Absolutely agree.
--
Soren Hansen
Ubuntu Developer http://www.ubuntu.com/
OpenStack Developer http://www.openstack.org/