Assign some external networks to specific tenant or project? [closed]

asked 2015-02-09 09:12:10 -0600

elpidos gravatar image

updated 2015-02-12 07:56:22 -0600

Hello Folks,

We created about 20 external networks and want to control permission for external networks based on tenants (or projects). For example, we want to control that tenant1 (or project1) can see only external network 1 and external network 2. I could not find solution for this. Is this possible in OpenStack?

Thank you so much

We use icehouse and neutron for the network deployment. Our architecture is like this. Controller_node, Network_node, Compute_node... We used GRE for the Instance LAN and VLAN for the external network connections. We used single trunk port on the Network Node for the external connections.. We want to assign two external networks (or provider networks) having VLAN2, and VLAN3 to project1, and other two external networks (VLAN4, VLAN 5) to project2.. I want to disable VLAN4, and VLAN5 to project1. Any solutions?


I found a solution for this...

I don't think there is a way to do this from dashboard. However, there is an option field to designate tenant_id using commnad line. $neutron net-create some-network --tenant-id "tenant uuid ..." .... please note you may not want to add --shared option ..... $neutron subnet-create some-network --name some-subnet --tenant-id "tenatn uuid ..."

It works but problem is that external network assigned to specific tenant is shown to other tenant from the network topology diagram though it is disabled to use or see internal to other tenants... I hope it is hidden from the network topology. I might change the code ...... I hope this is implemented in future version..

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by elpidos
close date 2015-02-12 07:56:45.092013


You may want to provide additional information like, are you using nova-network or neutron? and deployment model you implemented.

jtaguinerd gravatar imagejtaguinerd ( 2015-02-11 07:24:32 -0600 )edit

I updated my questions according to @jtaguinerd 's advice. Please re-read the question. Any comments or advice will be welcome. Thanks.

elpidos gravatar imageelpidos ( 2015-02-11 08:00:19 -0600 )edit


I am facing a similar issue. I want to be able to assign 'ext-nets' provided by different vlans to multiple clients. But all clients have the potential to see other clients 'ext-nets' and worse yet, create routers on them! Any advice greatly appreciated! (OS Kilo, Neutron/OVS)

rmart04 gravatar imagermart04 ( 2015-11-15 10:04:21 -0600 )edit