Re: [Openstack] Security group isolation on same physical host--perhaps needs to enhance openstack security on multihost model

2012-06-07 Thread romizhang1968
Hi, I have also met the same situation. I think that would be a security hole in OpenStack that should be resolved; I hope someone can fix it. If you use the 1xNetwork+Nxcompute model, the VMs on a compute node could not touch each other, but if you use the multihost model, meaning each node runs network+compute s

Re: [Openstack] how to forbid the instances communicating on the same host but different bridges and vlans?

2012-06-01 Thread romizhang1968
Vish, thanks for your reply. Yes, I allowed ICMP ping from 0.0.0.0/0, but the question is, I think different instances in different tenants and VLANs on the same compute node should not touch each other; admin03 (192.168.2.3) in VLAN 200 and 201 should only be able to get IP touch to the same tena