Restrict access to subnet on provider network

asked 2017-02-06 09:32:33 -0500

marcblabla gravatar image

Hi there

We have a OpenStack Newton installation, installed with Fuel.

In this we have a flat provider network, "ext_net", with 2 subnets(not actually ip's):

  1. subnet1 - 10.0.2.0/27
  2. subnet2 - 10.0.3.0/28

This works as intended. When a project allocates a floating IP, it gets one from "subnet1" or "subnet2". Once this IP is associated with a instance, the instance has access to the internet. All good.

But is there any way of restricting the access to "subnet2"(or "subnet1") on a projects base?
E.g. if I have two projects, project "foo" and project "bar". Is it then possible to setup project "foo" to only get floating IP's from "subnet1" and project "bar" to only get floating IP's from "subnet2" of "ext_net"?

Best. .Marc

edit retag flag offensive close merge delete

Comments

Have a look at subnet service types.

Bernd Bausch gravatar imageBernd Bausch ( 2017-02-06 18:47:49 -0500 )edit