Isolated network
When a network is created, a broadcast domain is available to plug ports. It should be interesting to proposed an option on the network creation that enable the isolation between ports in a same broadcast domain (network), similar to a common use of private VLANs with isolated port technologies (RFC 5517). This prevents communication between VMs on the same logical switch.
This functionality could address the use cases where we create a shared network between tenants, for example. This should also work with a provider network.
Blueprint information
- Status:
- Complete
- Approver:
- Mark McClain
- Priority:
- Medium
- Drafter:
- Édouard Thuleau
- Direction:
- Approved
- Assignee:
- Édouard Thuleau
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
-
Needs Code Review
- Milestone target:
-
next
- Started by
- Édouard Thuleau
- Completed by
- Armando Migliaccio
Related branches
Related bugs
Sprints
Whiteboard
Nov-20-2015(armax): If someone is interested in pursuing it, this must be re-submitted according to guidelines defined in [1].
[1] http://
-----------------
4-Sep: Moving to Next since it will not merge by H3 deadline.
16-Jul: Moving to H3 as this is unlikely to merge prior to H2 deadline.
Add network isolated extension and base class
Addressed by https:/
Add OVS isolated network implementation and l3 agent ARP proxy support
Addressed by https:/
Gerrit topic: https:/
Update 2013-05-29
-------
As this blueprint covers several areas (API and OVS plugin at least), I have set Mark McClain as approver.
From the API side, this is a sensible extension with very valid use cases.
I will comment on spec & impl on gerrit.
