← Back to branch summary

~ubuntu-branches/ubuntu/quantal/nova/quantal-proposed

« back to all changes in this revision

Viewing changes to doc/source/adminguide/network.vlan.rst

  • Committer: Bazaar Package Importer
  • Author(s): Chuck Short
  • Date: 2010-12-13 10:17:01 UTC
  • mto: This revision was merged to the branch mainline in revision 8.
  • Revision ID: james.westby@ubuntu.com-20101213101701-txhhqbzsxw4avnxv
Tags: upstream-2011.1~bzr456
ImportĀ upstreamĀ versionĀ 2011.1~bzr456

Show diffs side-by-side

added added

removed removed

Lines of Context:
doc/source/adminguide/network.vlan.rst
50
50
Goals
51
51
-----
52
52
 
53
 
* each project is in a protected network segment
 
53
For our implementation of Nova, our goal is that each project is in a protected network segment. Here are the specifications we keep in mind for meeting this goal.
54
54
 
55
55
  * RFC-1918 IP space
56
56
  * public IP via NAT
59
59
  * limited (project-admin controllable) access to other project segments
60
60
  * all connectivity to instance and cloud API is via VPN into the project segment
61
61
 
62
 
* common DMZ segment for support services (only visible from project segment)
 
62
We also keep as a goal a common DMZ segment for support services, meaning these items are only visible from project segment:
63
63
 
64
64
  * metadata
65
65
  * dashboard
66
66
 
67
 
 
68
67
Limitations
69
68
-----------
70
69
 
 
70
We kept in mind some of these limitations: 
 
71
 
71
72
* Projects / cluster limited to available VLANs in switching infrastructure
72
73
* Requires VPN for access to project segment
73
74
 
74
 
 
75
75
Implementation
76
76
--------------
77
77
Currently Nova segregates project VLANs using 802.1q VLAN tagging in the