Ask Your Question
0

VM traffic isolation in same tenant network

asked 2017-07-07 09:29:51 -0500

Elangovan Anganann gravatar image

I have several VMs connected to one tenant network (self-service network) - 192.168.1.0/24

VM1 - 192.168.1.11
VM2 - 192.168.1.12
VM3 - 192.168.1.13
...

I want the VMs to communicate with Internet; But I don't want the VMs to communicate with each other.

How to achieve this?

edit retag flag offensive close merge delete

Comments

Try setting up a security group that blocks traffic with a rule such as

openstack security group rule create --remote-ip YOU_CIDR

Where your CIDR is the address of the server from which you want to reach the VMs. I haven't tested this; you have to experiment with the parameters.

Bernd Bausch gravatar imageBernd Bausch ( 2017-07-08 21:06:45 -0500 )edit

3 answers

Sort by ยป oldest newest most voted
0

answered 2017-07-07 14:49:46 -0500

Why don't you segregate them on three different tenant networks?

In theory you could achieve that result with actual setup and security groups, even if it is much more complicated.

edit flag offensive delete link more

Comments

We might create 1000 VMs. For each VM, creating a tenant network (1000 tenant networks) is too resource intensive.

Elangovan Anganann gravatar imageElangovan Anganann ( 2017-07-07 22:02:37 -0500 )edit
0

answered 2017-07-07 15:03:15 -0500

Micha gravatar image

Either Tenant Segregation or using the FWaaS module. Using security Groups woulkd be quite a hassler.

edit flag offensive delete link more

Comments

How to isolate VM traffic using tenant segregation or FWaaS module? Is there any article explaining this?

Elangovan Anganann gravatar imageElangovan Anganann ( 2017-07-07 22:01:37 -0500 )edit
0

answered 2017-07-08 06:16:29 -0500

gxgung gravatar image

On a provider network, you can control traffic via SW or Firewall rules.

Since this is a self-serviced network, the only chance you have is to control this via security groups. Also, if you have admin on the VM, you can control this with VM firewall.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2017-07-07 09:29:51 -0500

Seen: 201 times

Last updated: Jul 07 '17