As far as I can tell most of the requirements can NOT be satisfied by PVLAN. The only thing PVLAN can do is:

1. Restrict a VM's traffic to the upstream router
2. Restrict a VM's traffic to a set of VMs on the same physical VLAN.

PVLAN does not offer any L4 access control, nor can it work across L3 domains. Of the 4 use cases, the first one can be supported in a limited fashion (no security groups, but restricting VMs from communicating using L2 isolation).

On 2/28/13 1:35 PM, "Manan Shah" <manan.s...@citrix.com> wrote:

>Hi,
>
>I would like to propose a new feature for adding SG Isolation support for
>VMWare Hypervisor using PVLANs. I have created a JIRA ticket and provided
>the requirements at the following location. Please provide feedback on the
>requirements.
>
>JIRA Ticket:
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/SG+Isolation+in+Advanced+Zone+for+VMWare+Hypervisor+using+PVLANs
>Requirements:
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/SG+Isolation+in+Advanced+Zone+for+VMWare+Hypervisor+using+PVLANs
>
>Regards,
>Manan Shah