2015-07-07 23:46 GMT+02:00 Salvatore Orlando <sorla...@nicira.com>: Even if VMs are in the same logical network, it should be possible to do > isolation associating them with different security groups, in your case N > security groups. > For instance if VM1 and VM2 are associated respectively with security > group SG1 and SG2, and this security group only have the default rules plus > one for enabling connectivity with VM0, VM1 should not reach VM2. If this > happens something is not quite right. >
Indeed, I found my mistake. I had left the "default" group - which does not only contain the default egress rules, but also "Ingress / IPv4 / Any / default". Without that, I don't even need separate groups but can assign the same one to all the VMs, and that's great! Thanks again to you and Kevin Marco
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
