osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Dummy SecurityGroup Provider for VXLAN/VLAN in Advanced Networking


Wido,

I suppose it's a nice solution as shorthand workaround. But in the
long-term perspective, I believe all stuff related to (SO, network) must be
reimplemented.

Cases
- A SO may have different bandwidth limitation for different networks;
- Your case with SGs: for certain networks, SGs may be excessive.

I think that we need improving SO definition with some kind of allocation
rules which combine (SG: Boolean, Bandwidth: Long, NetworkOffering),
so, every SO, when being used with VM and a certain network of
NetworkOffering must apply the rule which defines SG facility and bandwidth.

пт, 7 дек. 2018 г. в 07:49, Wido den Hollander <wido@xxxxxxxxx>:

> Hi,
>
> I'm looking into this setup:
>
> Advanced zone with VXLAN
>
> - Guest Network 1: Network Offering with SG
> - Guest Network 2: Network Offering WITHOUT SG
>
> This doesn't work as the zone has SG enabled and thus all guest networks
> require SG.
>
> I wonder why each Guest Networks needs to have SG enabled. For KVM for
> example it shouldn't be a technical requirement. As VXLAN (or even
> VLANs) provide the isolation between different networks you should be
> able to have one network with SG and the other without SG.
>
> Does anybody know why each Guest network needs SG?
>
> Now, I was thinking about creating 'DummySecurityGroupProvider' which
> says 'true' to everything you ask it, but in reality doesn't do
> anything. This way you could use that provider in a network offering and
> work around this.
>
> Would that make sense to people?
>
> Wido
>


-- 
With best regards, Ivan Kudryavtsev
Bitworks LLC
Cell RU: +7-923-414-1515
Cell USA: +1-201-257-1512
WWW: http://bitworks.software/ <http://bw-sw.com/>