Hello We're at the stage of working out how to integrate our Icehouse system with the external network, using Neutron.
We have a limited set of public IPs available for inbound access, and we'd also like to make outbound access optional, in case some projects want to be completely isolated. One suggestion is as follows: - each project is allocated a single /24 VLAN - within this VLAN, there are 2 subnets - the first subnet (/25) would be for outbound access, using floating IPs - the second (/25) subnet would be for inbound access, drawing from the limited public pool, also with floating IPs Does that sound sensible/feasible? The Cisco hardware that's providing the route to the external network has constraints in the numbers of VLANs it will support, so we prefer this approach to having separate per-project VLANs for outbound and inbound access. If there's a different way of achieving this, I'd be interested to hear that too. Cheers, Adam _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
