Broadcast traffic should be blocked via the vlan separation and direct traffic should be blocked via security groups. Do you have a security group that allows ping traffic from 0.0.0.0/0?
Vish

On Jun 1, 2012, at 1:38 AM, romi zhang wrote:

> Hi,
>
> I use following command to create 2 NICs for the instances of adminTenant and
> 1 NICs for aipuTenant:
>
> nova-manage network create --label=admin_web --fixed_range_v4=192.168.2.0/28
> --num_networks=1 --vlan=200 --bridge=br200 --bridge_interface=eth1
> --network_size=16 --multi_host=T --project_id=5f9281bca6854fe3974a457d81afd78c
>
> nova-manage network create --label=admin_ssl --fixed_range_v4=192.168.21.0/28
> --num_networks=1 --vlan=201 --bridge=br201 --bridge_interface=eth2
> --network_size=16 --multi_host=T --project_id=5f9281bca6854fe3974a457d81afd78c
>
> nova-manage network create --label=aipu_web --fixed_range_v4=192.168.3.0/28
> --num_networks=1 --vlan=300 --bridge=br300 --bridge_interface=eth1
> --network_size=16 --multi_host=T --project_id=ee29f5730caa40958bf4812a0fbec3d9
>
> But the result is:
> 1. the instance of admin03(192.168.2.3 192.168.21.3,belong adminTenant)
> could successfully ping aipu01(192.168.3.3,belong aipuTenant) on the same
> compute node(NC01,network+compute service) .
> 2. Of course,admin03 could not ping successfully aipu03(192.168.3.6) on
> the another compute node(NC02,network+compute service).
>
> Is there a way or setting to forbid the IP touching between the instances of
> different tenant in different bridges and VLANs on the same compute node?
>
> Romi
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
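The security-group check raised in the reply can be done mechanically. The sketch below is an added example, not part of the original thread or of nova: it flags ICMP ingress rules whose source range reaches another tenant's fixed range. The tenant ranges come from the nova-manage commands quoted above; the rule dictionaries are constructed sample data and the function name is hypothetical.

```python
import ipaddress

# Tenant fixed ranges taken from the nova-manage commands in the thread.
TENANT_NETS = {
    "adminTenant": ["192.168.2.0/28", "192.168.21.0/28"],
    "aipuTenant": ["192.168.3.0/28"],
}

# Constructed sample ingress rules (assumed, not from the thread).
SAMPLE_RULES = {
    "aipuTenant": [
        {"group": "default", "protocol": "icmp", "cidr": "0.0.0.0/0"},
        {"group": "default", "protocol": "tcp", "cidr": "192.168.3.0/28"},
    ],
    "adminTenant": [
        {"group": "default", "protocol": "icmp", "cidr": "192.168.2.0/28"},
    ],
}


def cross_tenant_icmp(rules_by_tenant, tenant_nets):
    """Return (owner, group, source cidr, other tenant, other net) for every
    ICMP ingress rule whose source range overlaps another tenant's range."""
    findings = []
    for owner, rules in rules_by_tenant.items():
        for rule in rules:
            if rule["protocol"].lower() != "icmp":
                continue
            src = ipaddress.ip_network(rule["cidr"])
            for other, nets in tenant_nets.items():
                if other == owner:
                    continue  # traffic inside one tenant is not the concern here
                for net in nets:
                    if src.overlaps(ipaddress.ip_network(net)):
                        findings.append(
                            (owner, rule["group"], rule["cidr"], other, net))
    return findings


if __name__ == "__main__":
    for finding in cross_tenant_icmp(SAMPLE_RULES, TENANT_NETS):
        print("%s/%s allows ICMP from %s, which covers %s range %s" % finding)
```

With the constructed rules, only the aipuTenant rule open to 0.0.0.0/0 is reported, once for each adminTenant range it covers.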