nova team mailing list archive

Re: Network filtering for libvirt and for non-libvirt hypervisors


On 21-09-2010 01:13, Dan Wendlandt wrote:
>> I think it could make good sense to have an API call to create an
>> extra network with a self-chosen IP-range and have another API call
>> to add an interface connected to said network to VMs. This part of
>> the API would only be exposed if the network model had a way to
>> keep users' networks segregated.
> I agree with the concept of letting a tenant create one or more
> isolated networks.  Were you envisioning that IP + MAC filtering
> would be a strict requirement for such networks as well?  I would
> advocate that it is not.

No, for those networks, I wouldn't do any filtering at all. They can do
whatever they want there.

> But if a tenant gets one or more of their own isolated L2 networks,
> there are cases where it seems unnecessary and potentially cumbersome
> to require that the hypervisor be able to know all valid IPs a host
> may use.

Absolutely agree.

Soren Hansen
Ubuntu Developer    http://www.ubuntu.com/
OpenStack Developer http://www.openstack.org/