openstack team mailing list archive

[Razique Mahroua <razique.mahroua@xxxxxxxxx>]

Hi all, 
I'm trying to create an advanced architecture with Nova, that uses several projects per user, and multiple networks (one network per project)
The networks have their own vlan : 
id   	IPv4              	IPv6           	start address  	DNS1           	DNS2           	VlanID         	project        	uuid           
12   	192.168.2.0/24    	None           	192.168.2.3    	None           	None           	100            	first_project  	None           
13   	192.168.3.0/27    	None           	192.168.3.3    	None           	None           	50             	another_project	None 

It looks like while the first project runs wells (creates instances have connectivity and can be reached), while the instances created via the second project are unreacheable.
Both have the right SG rules, and both networks create the rights VLANS : 

# /proc/net/vlan/config
VLAN Dev name	 | VLAN ID
Name-Type: VLAN_NAME_TYPE_PLUS_VID_NO_PAD
vlan100        | 100  | eth0
vlan50         | 50  | eth0

# brctl show
br100		8000.02163e137a78	no		vlan100
br50		8000.02163e447ed8	no		vlan50

# ip route sh
192.168.3.0/27 dev br50  proto kernel  scope link  src 192.168.3.1 
192.168.2.0/24 dev br100  proto kernel  scope link  src 192.168.2.1 


- Can I have several VLANS per physical interface ?
- Do I need to create everytime a new project, or can I create all my networks and link them to the same project, but be able to specify which network to use everytime I spawn a new instance ?
- Is it possible to allow some communication between the VLANS (for instance, hosts into the VLAN 50 should only be able to contact hosts into VLAN100 on port 443) ? Does the security groups can manage per VLAN rules ?

Thanks, i'm a bit desperate here :)