On 23/07/13 11:15 PM, "Nguyen Anh Tu" <[email protected]> wrote:
>@David: it only adds a feature for guest network mode. If a VPC has too
>many tiers, maybe one VPC router is not enough.

If scale is a concern with the VPC router, perhaps that could be addressed. I believe users can today deploy a routing appliance as an instance with NICs in both guest networks that can provide inter-VLAN routing. Of course it's not an out-of-the-box solution and needs the static routes set up on the instances, but it works. [1] has pre-VPC reference solutions for VM connectivity across the guest networks.

[1] http://www.slideshare.net/cloudstack/cloudstack-networking

>@Ahmad: this proposal uses a route instead of a NAT. VMs can talk via
>private IP. Of course, VMs in two guest networks currently can reach each
>other via hairpin NAT.
>@Chip: For the beginning, I just wanna limit privilege to Root admin. If
>users can easily config routes, maybe it causes some conflicting rules.
>
>
>2013/7/24 Chip Childers <[email protected]>
>
>> On Tue, Jul 23, 2013 at 01:26:08PM -0400, David Nalley wrote:
>> > On Tue, Jul 23, 2013 at 1:21 PM, Nguyen Anh Tu <[email protected]> wrote:
>> > > Hi guys,
>> > >
>> > > I wrote a proposal about implementing a routing method for guest
>> > > networks using VLAN isolation. At the moment, they can reach each
>> > > other due to inter-VLAN routing in the VPC model, but cannot in the
>> > > Guest network model. So the key point is to make some static routes
>> > > between them, including iptables rules for filtering ports and
>> > > protocols. Please take a look at my proposal, link below.
>> > >
>> > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Routing+between+Guest+networks
>> > >
>> >
>> > Isn't this exactly the case that VPC is designed to solve?
>> > What's the benefit of doing this? If we did this, would we continue
>> > using VPC?
>> >
>> > --David
>> >
>>
>> Well right now, the main issue is that VPC follows the AWS VPC concepts
>> of allocating a single block for the VPC. This isn't actually flexible
>> enough for some environments, and Nguyen's proposal is something that
>> I've been looking into myself.
>>
>> Nguyen, when you state "All configurations are done by admin only.",
>> which admin? Root? If root only, why?
>>
>
>--
>
>N.g.U.y.e.N.A.n.H.t.U
