Skip to Main Content
IBM Cloud - Structured Ideas

This portal is to open public enhancement requests against IBM Cloud and its products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.

Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal ( - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal ( - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

IBM Cloud Support Center ( – Use this site for any IBM Cloud defect or support need.

Stack Overflow ( – Use this site for IBM Cloud technical Q&A using the tag "ibm-cloud". - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Categories VLAN
Created by Guest
Created on May 12, 2017

Transit VLAN Spanning

Currently we have two options to link two PODs, using VLAN Spanning (which allows secondary IP addresses to be created on servers to bypass VLAN separation on Vyatta), or using a VPN over public interface (which makes DDOS attacks possible). 

I would like to propose that Transit VLAN spanning be developed, to allow spanning between all transit VLANs in the account. This would enable connection between Vyatta gateways, but all other servers would only be able to access other VLANs via the Vyatta managing the traffic. This should be possible to automate, as Bluemix Infrastructire already knows which VLANs are transit VLANs (can have only Vyatta gateways on them) and which are not (can have servers on them).

This would avoid diffcult questions with Enterprise customer security, who currently have to choose between ability for administrators to bypass security, or using public interfaces for communication. It is hard to ascertain how many users are impacted, as this affects instead whole accounts, and I've certainly had to have this conversation with a dozen or so accounts in the last year.

Idea priority High
  • Guest
    Jun 18, 2019

    The stragegic direction to obsucre the POD and VLAN boundaries is VPC on Classic combined with Gateway and NFV bring your own gateway/firewall/appliance. This will not be implemented on classic.