Sheng, Thanks for the FS. Couple of points in FS that made me curious of the rational behind it.
Why do you want to all the end user VM's (except for DHCP server VM) in shared network to be connected only to I-port's. This means that even VM's of same user can not talk to each other, right? Is'nt it too restrictive? How about having community secondary VLAN per user with which they gets the isolation and their VM's can talk to each other? Only down side is there is additional effort of managing pool of secondary community VLAN's or there are other challenges? Approach proposed for Xen and KVM which does not support PVLAN is interesting. So do you expect the admin to setup these flows on each KVM/Xen hypervisor? Or CloudStack will be responsible for set-up of flow tables as well? Thanks. On 17/04/13 5:01 AM, "Sheng Yang" <sh...@yasker.org> wrote: >Hi all, > >I am current working on a new mechanism to archive isolation for advance >shared network. It took advantage of PVLAN feature of Cisco switch, to >achieve isolation using a simpler way. > >Here is the FS. You probably need to read references(in the link) to get >an >idea of PVLAN first. > >https://cwiki.apache.org/CLOUDSTACK/pvlan-for-isolation-within-a-vlan.html > >Thanks! > >--Sheng >
