Happy new year!
I have a question about network isolation with OVS and OpenNebula. By default the VLAN ID is the same for a given virtual network (using the network ID plus an integer or using the VLAN_ID parameter), but would it also be possible to isolate the same virtual network between different users or groups? For example, using a variable that could change after each VM template instantiation:
VLAN_ID = "$USER[ID]"
Is that possible? Or even set the variable from the OpenvSwitch.rb script?
I hope I understand your question:
- you have one OpenNebula network
- users instantiate a VM template using that network
- you want a per-user isolated network of the instantiated VMs.
Is that the question?
If it is, I think it’s related to a request I made[1].
We work around this issue[2]:
- each user has networks with the same name and automatic VLAN_ID assignment[3]
- VM templates declare networks by NAME without the UNAME
When a user starts a VM template, oned searches for a network with the
declared name owned by the current user, since the VM template does not
set the UNAME.
Yes, that’s exactly my question. I didn’t know if someone else was trying this.
Thanks for the workaround. I also thought of splitting a class C network into different virtual networks for our users and groups, but if you are able to set the VLAN ID at instantiation time this will simplify the system management a lot. Another option is probably to change the OpenvSwitch.rb script a bit… but I didn’t try that yet.
I think that this question is also valid if you are using VXLAN (and you don’t have the limitation on the number of users or groups).
> but if you are able to set the vlan id during the instantiation time
No, you just leave the VLAN_ID blank when creating the network for each
user, it will be resolved by oned automatically, but you must take care
that the auto-generated VLAN_ID will not conflict with any existing
VLAN.
Our use case is to have two Open vSwitch bridges, one with a trunk to
physical switches to get outside connectivity[1], and another one
without any connection to physical network interface[2].
The networks on the physical bridge have their VLAN_ID fixed to be
coherent with the physical infrastructure.
The networks on the nebula bridge have their VLAN_ID blank to let ONE
calculate them.
> Another option probably is to change OpenvSwitch.rb script a bit… but I didn’t try that yet
Sounds a little bit more complicated to me and prone to incompatibility
with future versions of OpenNebula.
Regards.
Footnotes:
[1] we generally call it physical, with a Linux bond interface as trunk
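
One way to check the caveat raised in this thread (per-user networks must not share a VLAN tag on the same bridge, and an auto-generated VLAN_ID must not land on an existing VLAN), as an added example that is not from any participant or from OpenNebula. The XML element names are assumed to match `onevnet list -x` output; the sample pool, the user names and `EXISTING_VLANS` are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

def _vnet(vid, owner, name, bridge, vlan, auto):
    # Element names are assumed to match `onevnet list -x`.
    return (f"<VNET><ID>{vid}</ID><UNAME>{owner}</UNAME><NAME>{name}</NAME>"
            f"<BRIDGE>{bridge}</BRIDGE><VLAN_ID>{vlan}</VLAN_ID>"
            f"<VLAN_ID_AUTOMATIC>{auto}</VLAN_ID_AUTOMATIC></VNET>")

# Constructed sample pool: per-user "private" networks plus fixed physical ones.
SAMPLE_POOL = "<VNET_POOL>" + "".join([
    _vnet(10, "alice", "private", "nebula", 12, 1),
    _vnet(11, "bob", "private", "nebula", 13, 1),
    _vnet(12, "carol", "private", "nebula", 12, 0),    # hand-set tag reuses alice's
    _vnet(20, "oneadmin", "dmz", "physical", 100, 0),  # fixed to match the switches
    _vnet(21, "dave", "private", "physical", 200, 1),  # auto tag on the trunked bridge
]) + "</VNET_POOL>"

# Constructed: VLAN tags already in use on the physical infrastructure, per bridge.
EXISTING_VLANS = {"physical": {100, 200}}

def load_vnets(xml_text):
    """Parse the pool; networks without a VLAN tag are skipped."""
    vnets = []
    for v in ET.fromstring(xml_text).iter("VNET"):
        raw = (v.findtext("VLAN_ID") or "").strip()
        if raw:
            vnets.append({"id": int(v.findtext("ID")), "owner": v.findtext("UNAME"),
                          "bridge": v.findtext("BRIDGE"), "vlan": int(raw),
                          "auto": v.findtext("VLAN_ID_AUTOMATIC") == "1"})
    return vnets

def audit(vnets, existing_vlans):
    """Return (kind, bridge, vlan, [vnet ids]) findings, sorted by bridge and tag."""
    by_tag = defaultdict(list)
    for n in vnets:
        by_tag[(n["bridge"], n["vlan"])].append(n)
    findings = []
    for (bridge, vlan), nets in sorted(by_tag.items()):
        # Same bridge + same tag = one L2 segment, whatever the network names say.
        if len({n["owner"] for n in nets}) > 1:
            findings.append(("shared-segment", bridge, vlan, sorted(n["id"] for n in nets)))
        # An auto-generated tag must not land on a VLAN the infrastructure already uses.
        clash = sorted(n["id"] for n in nets if n["auto"])
        if clash and vlan in existing_vlans.get(bridge, set()):
            findings.append(("auto-on-existing", bridge, vlan, clash))
    return findings

if __name__ == "__main__":
    for finding in audit(load_vnets(SAMPLE_POOL), EXISTING_VLANS):
        print(finding)
```

On a bridge with no physical uplink, like the second bridge described above, only the shared-segment check applies, since its tags never reach the switches.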