2015-07-07 23:46 GMT+02:00 Salvatore Orlando :
Even if VMs are in the same logical network, it should be possible to do
> isolation associating them with different security groups, in your case N
> security groups.
> For instance if VM1 and VM2 are associated respectively with security
> group SG1
allow_same_net_traffic shouldn't impact Neutron. In Neutron the network
shouldn't affect traffic flow (other than broadcasts of course).
On Tue, Jul 7, 2015 at 1:09 PM, Marco Mariani
wrote:
> 2015-07-07 20:52 GMT+02:00 Salvatore Orlando :
>
> If I understand correctly your use case security grou
Hello Marco,
more comments inline.
Salvatore
On 7 July 2015 at 22:09, Marco Mariani wrote:
> 2015-07-07 20:52 GMT+02:00 Salvatore Orlando :
>
> If I understand correctly your use case security groups can be probably
>> used to satisfy your goal with Neutron.
>>
>> Groups of isolated VMs in the
2015-07-07 20:52 GMT+02:00 Salvatore Orlando :
If I understand correctly your use case security groups can be probably
> used to satisfy your goal with Neutron.
>
> Groups of isolated VMs in the same network can be assigned to different
> security groups. Traffic among different groups will be dro
If I understand correctly your use case security groups can be probably
used to satisfy your goal with Neutron.
Groups of isolated VMs in the same network can be assigned to different
security groups. Traffic among different groups will be dropped unless
unable by a specific security group rule.
Hi,
I'm using Neutron+VLAN. Is it possible to isolate VMs in the same tenant
network, and filter traffic according to security rules?
In my understanding the allow_same_net_traffic in nova.conf only affects
nova-network and not Neutron behavior.
On the same note, I'd like to forbid traffic to be
