[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Dummy SecurityGroup Provider for VXLAN/VLAN in Advanced Networking


I suppose it's a nice solution as shorthand workaround. But in the
long-term perspective, I believe all stuff related to (SO, network) must be

- A SO may have different bandwidth limitation for different networks;
- Your case with SGs: for certain networks, SGs may be excessive.

I think that we need improving SO definition with some kind of allocation
rules which combine (SG: Boolean, Bandwidth: Long, NetworkOffering),
so, every SO, when being used with VM and a certain network of
NetworkOffering must apply the rule which defines SG facility and bandwidth.

пт, 7 дек. 2018 г. в 07:49, Wido den Hollander <wido@xxxxxxxxx>:

> Hi,
> I'm looking into this setup:
> Advanced zone with VXLAN
> - Guest Network 1: Network Offering with SG
> - Guest Network 2: Network Offering WITHOUT SG
> This doesn't work as the zone has SG enabled and thus all guest networks
> require SG.
> I wonder why each Guest Networks needs to have SG enabled. For KVM for
> example it shouldn't be a technical requirement. As VXLAN (or even
> VLANs) provide the isolation between different networks you should be
> able to have one network with SG and the other without SG.
> Does anybody know why each Guest network needs SG?
> Now, I was thinking about creating 'DummySecurityGroupProvider' which
> says 'true' to everything you ask it, but in reality doesn't do
> anything. This way you could use that provider in a network offering and
> work around this.
> Would that make sense to people?
> Wido

With best regards, Ivan Kudryavtsev
Bitworks LLC
Cell RU: +7-923-414-1515
Cell USA: +1-201-257-1512
WWW: <>