That's a tricky one.... well the solution is not simple but not impossible either... As you said you are on icehouse then it means that we can migrate from nova-network to neutron or nova-network also supports VLAN. Having said that I am assuming that we can restart the VM's that are present on the environment(Only If Required).

So here is what I can suggest you :-

  1. Create snapshots and backup of configuration so that in case something bad happens we can restore everything back to its original state( I suggest if you have some dummy machines also test the backup that you have created)

  2. Enable VLAN networking in nova-network

  3. Create a VLAN network. Follow this in case of any issues -

  4. Create VM's in this VLAN network and see if it works.(IP from dhcp, pinging, basic stuff)

  5. Create a virtual router

  6. Take an IP from the DHCP network and IP from VLAN network and add them as router interfaces.

  7. Ping VM1 to VM2 where VM1 is in dhcpflat network and VM2 is in the newly created VLAN network(should work)

Once you have done that though you will be technically having 2 network's i.e. one pre exsisting dhcp network and one VLAN network but still you will be able to ping machines as the networks are connected via the router. Another thing is now your networking has become scalable and you can create as number of networks as you want .