Description
To support full virtual network multitenancy, OpenNebula must allow administrators to delegate VLAN management to tenants. This delegation enables tenants to select the VLAN identifier to which a virtual network interface (vNIC) will be attached, from a predefined set of allowed VLAN ranges (referred to as a VLAN Group).
The following requirements define the scope of this functionality:
- The delegated identifier space supports both IEEE 802.1Q (VLAN tagging) and IEEE 802.1ad (QinQ). Tenants must be able to define trunk vNICs using the delegated identifier set.
- VLAN identifier sets must be defined using a flexible syntax that supports individual VLAN IDs and ranges (e.g. 1, 33, 400-700, 1000-2340). A shorthand notation to represent the full VLAN ID space (1-4096) must also be supported.
- VLAN Groups have a defined scope, meaning that VLAN IDs apply only to a specific:
- Point of Presence (PoP), modeled as an OpenNebula Cluster, or
- Physical interface or switch, modeled as an OpenNebula Virtual Network.
- VLAN Groups may define overlapping VLAN ID ranges for different tenants within the same PoP or physical interface.
- A VLAN Group may optionally define an overlay mapping, allowing a given VLAN ID (802.1Q) to be associated with a delegated set of VXLAN Network Identifiers (VNIs).
Use case
Interface Changes
New group of command onevlangroup: create, delete, show, chown, chmod, update, clone, rename and info
Additional Context
Progress Status
Description
To support full virtual network multitenancy, OpenNebula must allow administrators to delegate VLAN management to tenants. This delegation enables tenants to select the VLAN identifier to which a virtual network interface (vNIC) will be attached, from a predefined set of allowed VLAN ranges (referred to as a VLAN Group).
The following requirements define the scope of this functionality:
Use case
Interface Changes
New group of command
onevlangroup:create,delete,show,chown,chmod,update,clone,renameandinfoAdditional Context
Progress Status