On 3/13/13 9:40 AM, "Koushik Das" <koushik....@citrix.com> wrote:

>I am trying to understand the deployment model with ASA1000v for the VPC
>use case mentioned in FS
>- Cloud operator creates VPC network offering with source nat using
>ASA1000v as the service provider for firewall, source nat, port
>forwarding, ACL and routing. CloudStack system vm is used for DHCP,
>userdata and metadata, password server.
>
>I looked at the Inter-VLAN routing FS
>(https://cwiki.apache.org/confluence/display/CLOUDSTACK/Inter-VLAN+Routing
>). For each network in VPC, a nic is created in the VPC VR. ACL rules are
>configured in VPC VR to allow traffic between these networks.
>Based on the VPC VR model I am trying to create the deployment model when
>ASA is used. ASA has 2 interfaces, 'inside' and 'outside'. For isolated
>guest network scenario, inside is connected to the private network and
>outside connected to public network. I am trying to think how to map it
>for VPC case where there can be N private nics and 1 public nic.
>
>Chiradeep, can you share your thoughts on this?
>
>Thanks,
>Koushik

That surprises me, but it looks like it is true:
http://s.apache.org/Hc2


It appears that the assumption is that one VLAN = 1 tenant. Within the
VLAN you can create multiple tiers (web, app, db) and isolate them using
the VSG. This would be akin to using security groups within one tier to
provide isolation.

Note that all tiers would belong to the same subnet. 
