A framework for controlling Multitenant Isolation, Connectivity and Reachability in a Hybrid Cloud Environment

Document Type: Expired Internet-Draft (individual); expired & archived
Authors: Masum Hasan, Abdelhadi Chari, David Fahed, Lew Tucker, Monique Morrow, Mark Malyon
Last updated: 2012-09-01 (Latest revision 2012-02-29)
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.

Multiple enterprises (tenants) consuming resources in a public Cloud share the physical infrastructure of one or more DCs out of which the Cloud resources are serviced. Hence, one of the major features that has to be supported in public Cloud DCs is multitenant isolation, which is realized via various DC isolation technologies, such as VLAN or VxLAN. In a hybrid Cloud environment where a public Cloud (more specifically, off-premises public Cloud resources acquired by a tenant) becomes an _extension_ of a tenant intranet or private Cloud, the multitenant isolation capability has to be extended beyond the public Cloud DCs. The multitenant isolation _domain_ has to span end-to-end from the tenant network or on-premises resources via the MAN/WAN and the public Cloud DC networks to tenant off-premises resources. While multitenant isolation isolates one tenant from another (inter-hybrid Cloud isolation), an enterprise may desire controlled connectivity to a hybrid Cloud from another Cloud, network, tenant or select resources. In addition, there may be a need for controlling direct reachability of resources within a hybrid Cloud itself (intra-hybrid Cloud). The tenant network may be connected to the public Cloud (DCs) over the Internet or over a private IP/MPLS MAN/WAN owned or operated by a service provider, which may also support a PPVPN (Provider Provided VPN) service, such as the L3 MPLS VPN. In this work we consider the latter type of network and describe a framework for supporting inter-hybrid Cloud multitenant isolation, inter-hybrid Cloud connectivity and intra-hybrid Cloud reachability.


Masum Hasan
Abdelhadi Chari
David Fahed
Lew Tucker
Monique Morrow
Mark Malyon

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)