openstack team mailing list archive
Message #12649
Re: how to forbid the instances communicating on the same host but different bridges and vlans?
Broadcast traffic should be blocked via the vlan separation and direct traffic should be blocked via security groups. Do you have a security group that allows ping traffic from 0.0.0.0/0?
Vish
On Jun 1, 2012, at 1:38 AM, romi zhang wrote:
> Hi,
>
> I use the following commands to create 2 NICs for the instances of adminTenant and 1 NIC for aipuTenant:
>
> nova-manage network create --label=admin_web --fixed_range_v4=192.168.2.0/28 --num_networks=1 --vlan=200 --bridge=br200 --bridge_interface=eth1 --network_size=16 --multi_host=T --project_id=5f9281bca6854fe3974a457d81afd78c
>
> nova-manage network create --label=admin_ssl --fixed_range_v4=192.168.21.0/28 --num_networks=1 --vlan=201 --bridge=br201 --bridge_interface=eth2 --network_size=16 --multi_host=T --project_id=5f9281bca6854fe3974a457d81afd78c
>
> nova-manage network create --label=aipu_web --fixed_range_v4=192.168.3.0/28 --num_networks=1 --vlan=300 --bridge=br300 --bridge_interface=eth1 --network_size=16 --multi_host=T --project_id=ee29f5730caa40958bf4812a0fbec3d9
>
> But the result is:
> 1. The instance admin03 (192.168.2.3 and 192.168.21.3, belonging to adminTenant) could successfully ping aipu01 (192.168.3.3, belonging to aipuTenant) on the same compute node (NC01, network+compute service).
> 2. Of course, admin03 could not successfully ping aipu03 (192.168.3.6) on the other compute node (NC02, network+compute service).
>
> Is there a way or setting to forbid the IP touching between the instances of different tenants in different bridges and VLANs on the same compute node?
>
> Romi
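
The check asked about in the reply, written out as an added example that is not part of the original thread: given a security group's rules, it reports which of them would let a ping from admin03's addresses reach an aipuTenant instance, and shows the effect of narrowing an any-source rule to the tenant's own fixed range. The rule set is a constructed sample (the thread does not show the actual rules), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: rules of the destination instance's security group,
# using the fields nova shows for a rule (protocol, from/to port, CIDR).
# For ICMP, from_port is the ICMP type and to_port the code; -1 means any.
AIPU_DEFAULT_GROUP = [
    {"ip_protocol": "icmp", "from_port": -1, "to_port": -1, "cidr": "0.0.0.0/0"},
    {"ip_protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "192.168.3.0/28"},
]

ECHO_REQUEST = 8  # ICMP type sent by ping (code 0)


def rules_permitting_ping(rules, src_ip):
    """Return the rules that let an ICMP echo request from src_ip through."""
    src = ipaddress.ip_address(src_ip)
    hits = []
    for rule in rules:
        if rule["ip_protocol"] != "icmp":
            continue
        if rule["from_port"] not in (-1, ECHO_REQUEST):
            continue
        if rule["to_port"] not in (-1, 0):
            continue
        if src in ipaddress.ip_network(rule["cidr"]):
            hits.append(rule)
    return hits


def narrow_to_own_network(rules, own_cidr):
    """Replace any-source rules (0.0.0.0/0) with the tenant's own fixed range."""
    narrowed = []
    for rule in rules:
        if ipaddress.ip_network(rule["cidr"]).prefixlen == 0:
            rule = dict(rule, cidr=own_cidr)  # copy, leave the input untouched
        narrowed.append(rule)
    return narrowed


if __name__ == "__main__":
    for src in ("192.168.2.3", "192.168.21.3"):  # admin03's two addresses
        print(src, "->", rules_permitting_ping(AIPU_DEFAULT_GROUP, src))
    fixed = narrow_to_own_network(AIPU_DEFAULT_GROUP, "192.168.3.0/28")
    print("after narrowing:", rules_permitting_ping(fixed, "192.168.2.3"))
```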