Private VLANs have always been partially supported in CloudStack (for shared networks only), in versions prior to 4.14. Administrators could set up Isolated or Promiscuous PVLANs by creating their shared networks in which:

• Primary VLAN ID = secondary VLAN ID, for Promiscuous PVLANs
• Primary VLAN ID != secondary VLAN ID, for Isolated PVLANs

CloudStack 4.14 introduces some changes in the PVLAN support, by:

• Extending the existing support for shared networks and L2 networks (initially supported for the VMware hypervisor when using dvSwitches)
• Extending the PVLAN types to Isolated, Promiscuous and Community
• Allowing the administrators to explicitly select the PVLAN type on network creation, as on the image below:

The following table summarizes the communication between these different PVLAN types:

Within an L2 network or shared network, it is possible to create:

• 1 Promiscuous PVLAN
• 1 Isolated PVLAN
• Multiple Community PVLANs

Administrators must provide the PVLAN type and secondary VLAN ID as part of the ‘createNetwork’ API or through the UI.  If an admin requests a PVLAN which is not valid then a suitable error message will be returned, for example when:

• A promiscuous PVLAN ID is not the same as the Primary VLAN ID
• A community or isolated PVLAN ID which clashes with a PVLAN ID which is already in use on the same dvSwitch (i.e. the same physical network)

Nicolas Vazquez

Nicolas Vazquez is a Senior Software Engineer at ShapeBlue and is a PMC member of the Apache CloudStack project. He spends his time designing and implementing features in Apache CloudStack and can be seen acting as a release manager also. Nicolas is based in Uruguay and is a father of a young girl. He is a fan of sports, enjoy playing tennis and football. In his free time, he also enjoys reading and listening to economic and politics materials.