openstack team mailing list archive

Thread
Date

how to forbid the instances communicating on the same host but different bridges and vlans?

To: <openstack@xxxxxxxxxxxxxxxxxxx>
From: "romi zhang" <romizhang1968@xxxxxxx>
Date: Fri, 1 Jun 2012 16:38:48 +0800
Thread-index: Ac0/0faUbEaxyHcRTN2pcn4785vXqA==

Hi,

 

I use following command to create 2 NICs for the instances of adminTenant
and 1 NICs for aipuTenant:

 

nova-manage network create --label=admin_web --fixed_range_v4=192.168.2.0/28
--num_networks=1 --vlan=200 --bridge=br200 --bridge_interface=eth1
--network_size=16 --multi_host=T
--project_id=5f9281bca6854fe3974a457d81afd78c

 

nova-manage network create --label=admin_ssl
--fixed_range_v4=192.168.21.0/28 --num_networks=1 --vlan=201 --bridge=br201
--bridge_interface=eth2 --network_size=16 --multi_host=T
--project_id=5f9281bca6854fe3974a457d81afd78c

 

nova-manage network create --label=aipu_web --fixed_range_v4=192.168.3.0/28
--num_networks=1 --vlan=300 --bridge=br300 --bridge_interface=eth1
--network_size=16 --multi_host=T
--project_id=ee29f5730caa40958bf4812a0fbec3d9

 

But the result is:

1.       the instance of admin03(192.168.2.3 192.168.21.3,belong
adminTenant) could successfully ping aipu01(192.168.3.3,belong aipuTenant)
on the same compute node(NC01,network+compute service) .

2.       Of course,admin03 could not ping successfully aipu03(192.168.3.6)
on the another compute node(NC02,network+compute service).

 

Is there a way or setting to forbid the IP touching between the instances of
different tenant in different bridges and VLANs on the same compute node?

 

Romi

Follow ups

Re: how to forbid the instances communicating on the same host but different bridges and vlans?
From: Vishvananda Ishaya, 2012-06-01