GitHub user TadiosAbebe added a comment to the discussion: Shared network issue 
on advanced zone with security group

The thing is, I couldn't say the docker chain is dropping the traffic, 
because that chain is on all the other hosts and it is not affecting them.

One thing I know for sure right now is that the security group iptables rules 
are interfering with the isolated network traffic, because I created a new 
service offering without a security group, and launching a VM on that security 
group doesn't interrupt existing isolated network traffic on the same host.

On a similar note, I have a follow-up question.
1. The reason I needed to create a shared network is mainly for public traffic 
for guest VMs that need a direct public IP to the virtual machine without a VR, and I 
am only able to create the shared network on physical network 3 (which is the 
bridge that has the guest traffic type). Will I be having any issue 
architecturally with public traffic residing on the guest traffic type?

2. What issue would I be having if I create different shared networks with the 
same vid (by enabling vlan id overlap) for different domains and set different 
start and end IP ranges? So for example:
    - domain1 -> share-net-domain1[vid: 12 gw: 172.19.1.1 netmask: 255.255.255.0 start_ip: 172.19.1.5 end_ip: 172.19.1.10]
    - domain2 -> share-net-domain1[vid: 12 gw: 172.19.1.1 netmask: 255.255.255.0 start_ip: 172.19.1.11 end_ip: 172.19.1.15]
    - domain3 -> share-net-domain1[vid: 12 gw: 172.19.1.1 netmask: 255.255.255.0 start_ip: 172.19.1.16 end_ip: 172.19.1.20]
- From my understanding, if I do the above, a user on domain1 can only use IPs 
172.19.1.5-172.19.1.10; security groups will prevent him from stealing and 
manually assigning an IP from domain2. Is this correct?


GitHub link: 
https://github.com/apache/cloudstack/discussions/11955#discussioncomment-14845753
