Private vlans in OVS

Hey guys,

for DMZ’s I would love to support private VLANs - meaning each VM can not communicate with any other system, except the router that does the upstream connection.

It is possible with OVS by adding some flows.
https://wiki.libvirt.org/page/OVS_and_PVLANS

It would be nicest if I could basically configure this as a vnet property though.

Do you think it would be possible to do this WITH OpenNebula? How would I go about it?