Since they are essentially regular ports in the neutron data model, the regular rules for attaching to networks would apply. So you should be able to create a sub-port on another network if that network is shared with you (either globally shared or via RBAC).

On Wed, Jul 13, 2016 at 8:55 AM, Farhad Sunavala <fs...@yahoo.com> wrote:

> Below is the latest spec for vlan-aware-vms
>
> https://specs.openstack.org/openstack/neutron-specs/specs/newton/vlan-aware-vms.html
> <https://specs.openstack.org/openstack/neutron-specs/specs/liberty/vlan-aware-vms.html>
>
> I have a quick question on the above. (multi-tenancy).
>
> Assume the case of nested containers in a VM.
>
> Yes, the containers can be in different networks of the same tenant and
> the above blue-print will handle the case very well.
> How does it work when the containers are in different networks in
> different tenants?
>
> The trick is to create neutron ports (for the subports) and then link them
> to the trunk port using
>
> neutron trunk-subport-add TRUNK \
>     PORT[,SEGMENTATION-TYPE,SEGMENTATION-ID] \
>     [PORT,...]
>
> In the above command all the neutron ports (trunk ports and subports)
> must be in the same tenant.
> As far as I know, a tenant will not see neutron ports from another tenant.
> Or will this command allow
> neutron ports from different tenants to be attached?
>
> Solution1:
>
>    C1(ten1)          C2(ten2)
>       |                 |
>  --------------------------------
>        OVS bridge inside VM
>  --------------------------------
>                |
>                | Trunk port
>                |
>  ------------------------
>  br-trunk (vlan-aware-vms spec)
>  --------------------------------------------
>
> E.g. VM "X" consists of containers C1 in Tenant 1 with portID = C10000
> (network dn1)
> container C2 in Tenant 2 with portID = C20000 (network dn2)
> The trunk port of VM "X" is in tenant 100 with portID = T10000 (network dt)
>
> Will the above command allow a neutron trunk to have neutron sub-ports in
> different tenants?
>
> neutron trunk-subport-add T10000 \
>     A vlan 10000 \
>     B vlan 20000
>
> Solution2:
> Have a separate trunk port for each tenant connected to the VM
>
>    C1(Ten1)          C2(Ten2)
>       |                 |
>       |                 |
>  -------------------------------
>        OVS bridge inside VM
>  --------------------------------
>       |                 |
>       |Trunk(Ten1)      | (Trunk(Ten2)
>       |                 |
>  ---------------------------------
>  br-trunk (vlan-aware-vms spec)
>  ---------------------------------------
>
> If the approach is solution2, then the issue is that Nova will not
> allow a neutron port to be attached to a VM (if the neutron port
> belongs to another tenant).
>
> Any pointers will be highly appreciated.
>
> thanks,
> Farhad.