IBM Cloud - Structured Ideas

Welcome to the idea portal for structured ideas (i.e. product feature requests) - A more integrated and automated feedback system to connect your product improvement ideas with IBM product and engineering teams.  Happy submitting!

 

NOTE: All IBM employees must enter Ideas through this Ideas Portal.

Transit VLAN Spanning

Currently we have two options to link two PODs, using VLAN Spanning (which allows secondary IP addresses to be created on servers to bypass VLAN separation on Vyatta), or using a VPN over public interface (which makes DDOS attacks possible). 

I would like to propose that Transit VLAN spanning be developed, to allow spanning between all transit VLANs in the account. This would enable connection between Vyatta gateways, but all other servers would only be able to access other VLANs via the Vyatta managing the traffic. This should be possible to automate, as Bluemix Infrastructire already knows which VLANs are transit VLANs (can have only Vyatta gateways on them) and which are not (can have servers on them).

This would avoid diffcult questions with Enterprise customer security, who currently have to choose between ability for administrators to bypass security, or using public interfaces for communication. It is hard to ascertain how many users are impacted, as this affects instead whole accounts, and I've certainly had to have this conversation with a dozen or so accounts in the last year.

  • Guest
  • May 12 2017
  • Attach files
  • Admin
    CHRISTOPHER BIEHLE commented
    18 Jun 15:45

    The stragegic direction to obsucre the POD and VLAN boundaries is VPC on Classic combined with Gateway and NFV bring your own gateway/firewall/appliance. This will not be implemented on classic.

NOTICE TO EU RESIDENTS: per EU Data Protection Policy, if you wish to remove your personal information from the IBM ideas portal, please login to the ideas portal using your previously registered information then change your email to "anonymous@euprivacy.out" and first name to "anonymous" and last name to "anonymous". This will ensure that IBM will not send any emails to you about all idea submissions