Re: External networks mapping

zpeewee · ‎10-27-2010

When you create several external networks, all of them are visible and automatically mapped inside each provider vdc.

If you want to configure a mapping like 1 provider Vdc = 1 organization = 1 organization Vdc (meaning complete resource isolation)

then the external network is common to several organization which break the isolation in case of a bad manipulation when creating a organization network for example.

Is there a way to avoid the automatic mapping ?

Thanks

Regards

_morpheus_ · ‎10-27-2010

External networks are not mapped to provider VDC's. A provider VDC can use any external network that's visible to it.

If you don't want a given external network to be used by more than one organization, then you control that at the organization network level. If you have two orgs, then you need to create two external networks (on different L2 networks) and make sure that each organization's networks are only associated with one external network.

manythanks · ‎11-26-2010

you can also use internal pool (internal network) per ORG and use exernal router on the specific vlans used on those internal networks per ORG, then use access-lists for isolation. you can also use a router (or a VRF on same phycial router) per ORG internal network vlan for total isolation.

All

External networks mapping