Hello, Context: - openstack liberty - ubuntu trusty - neutron networking with vxlan tunnels
we have been running Openstack with a single external network so far. Now we have a specific VLAN in our datacenter with some hardware boxes that need a connection to a specific tenant network. To make this possible I changed the configuration of the network node to support multiple external networks. I am able to create a router and set as external network the new physnet where the boxes are. Everything looks nice except that all the projects can benefit from this new external network. In any tenant I can create a router, and set the external network and connect to the boxes. I cannot restrict it to a specific tenant. I found this piece of documentation: https://wiki.openstack.org/wiki/Neutron/sharing-model-for-external-networks So it looks like it is impossible to have a flat external network reserved for 1 specific tenant. I also tried to follow this documentation: http://docs.openstack.org/liberty/networking-guide/adv-config-network-rbac.html But it does not specify if it is possible to specify a policy for an external network to limit the sharing. It did not work for me so I guess this does not work when the secret network I want to create is external. There is an action --action access_as_external that is not clear to me. Also look like this feature is evolving in Newton: http://docs.openstack.org/draft/networking-guide/config-rbac.html Anyone has tried similar setups ? What is the minimum openstack version to get this done ? thank you Saverio _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators