@David: it just adds a feature for guest network mode. If a VPC has too many tiers, maybe one VPC router is not enough.

@Ahmad: this proposal uses a route instead of a NAT. VMs can talk via private IP. Of course, VMs in two guest networks currently can reach each other via hairpin NAT.

@Chip: For the beginning, I just want to limit the privilege to Root admin. If users can easily configure routes, maybe it causes some conflicting rules.
2013/7/24 Chip Childers <chip.child...@sungard.com>

> On Tue, Jul 23, 2013 at 01:26:08PM -0400, David Nalley wrote:
> > On Tue, Jul 23, 2013 at 1:21 PM, Nguyen Anh Tu <ng.t...@gmail.com> wrote:
> > > Hi guys,
> > >
> > > I wrote a proposal about implementing a routing method for guest networks
> > > using VLAN isolation. At the moment, they can reach each other due to
> > > inter-VLAN routing in the VPC model, but cannot in the Guest network model. So the
> > > key point is to make some static routes between them, including iptables rules
> > > for filtering ports and protocols. Please take a look at my proposal, link
> > > below.
> > >
> > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Routing+between+Guest+networks
> > >
> >
> > Isn't this exactly the case that VPC is designed to solve?
> > What's the benefit of doing this? If we did this, would we continue
> > using VPC?
> >
> > --David
> >
>
> Well right now, the main issue is that VPC follows the AWS VPC concepts
> of allocating a single block for the VPC. This isn't actually flexible
> enough for some environments, and Nguyen's proposal is something that I've
> been looking into myself.
>
> Nguyen, when you state "All configurations are done by admin only.",
> which admin? Root? If root only, why?

-- 
N.g.U.y.e.N.A.n.H.t.U
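The "static routes plus iptables rules" idea in the quoted proposal, and the "route instead of a NAT" point in the reply, can be sketched as the rule set a router VM would need when two VLAN-isolated guest networks terminate on it. The script below is an added example, not code from this thread or from the CloudStack project: the interface names, CIDRs and allowed ports are constructed, and the assumption that private IPs are preserved by exempting inter-network traffic from source NAT is mine. It prints the commands instead of executing them so an operator can review them before applying.

```shell
#!/bin/sh
# Added example (not CloudStack code): emit the static routes and filter
# rules for forwarding between two VLAN-isolated guest networks on one
# router VM. New connections are allowed only from NET_A to NET_B on the
# listed TCP ports; everything else between the two networks is dropped.
#
# Usage: guest_route_rules NET_A IF_A NET_B IF_B "PORT PORT ..."
# All interface names, CIDRs and ports are constructed assumptions.
guest_route_rules() {
    net_a=$1; if_a=$2; net_b=$3; if_b=$4; ports=$5

    # 1. Static routes: each guest network is reachable on its own VLAN interface.
    echo "ip route replace $net_a dev $if_a"
    echo "ip route replace $net_b dev $if_b"

    # 2. Assumed: exempt inter-network traffic from source NAT (inserted ahead of
    #    any MASQUERADE rule) so VMs see each other's private IPs, i.e. a route
    #    is used instead of hairpin NAT.
    echo "iptables -t nat -I POSTROUTING -s $net_a -d $net_b -j ACCEPT"
    echo "iptables -t nat -I POSTROUTING -s $net_b -d $net_a -j ACCEPT"

    # 3. Stateful filter: replies for already-accepted flows pass both ways.
    echo "iptables -A FORWARD -s $net_a -d $net_b -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -s $net_b -d $net_a -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # 4. New connections from A to B only on the listed TCP ports.
    for p in $ports; do
        echo "iptables -A FORWARD -s $net_a -d $net_b -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done

    # 5. Default deny: the ACCEPT rules above were appended first, so these
    #    catch everything else between the two networks in both directions.
    echo "iptables -A FORWARD -s $net_a -d $net_b -j DROP"
    echo "iptables -A FORWARD -s $net_b -d $net_a -j DROP"
}

# Stand-alone run: print the rule set for the constructed sample networks.
if [ "$#" -eq 5 ]; then
    guest_route_rules "$@"
else
    guest_route_rules 10.1.1.0/24 eth2 10.1.2.0/24 eth3 "80 443"
fi
```

Because the rules are appended in order, the allow list sits above the two DROP rules; if the root admin later adds another guest pair, the same function can be called again with different networks without the rule sets interfering, which is the conflict the reply worries about when arbitrary users can add routes.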