diff --git a/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java b/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java index fe5a2838be1..e92fb8bf227 100644 --- a/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java +++ b/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java @@ -96,7 +96,7 @@ public class AssociateIPAddrCmd extends BaseAsyncCreateCmd { DataCenter zone = _configService.getZone(getZoneId()); if (zone.getNetworkType() == NetworkType.Advanced) { - List networks = _networkService.getVirtualNetworksOwnedByAccountInZone(getAccountName(), getDomainId(), getZoneId()); + List networks = _networkService.getVirtualNetworksForAccountInZone(getAccountName(), getDomainId(), getZoneId()); if (networks.size() == 0) { throw new InvalidParameterValueException("Account name=" + getAccountName() + " domainId=" + getDomainId() + " doesn't have virtual networks in zone " + getZoneId()); } diff --git a/api/src/com/cloud/network/Network.java b/api/src/com/cloud/network/Network.java index 39ee0a321f8..87fbbd9d9e2 100644 --- a/api/src/com/cloud/network/Network.java +++ b/api/src/com/cloud/network/Network.java @@ -232,4 +232,6 @@ public interface Network extends ControlledEntity { List getTags(); + boolean isDomainSpecific(); + } diff --git a/api/src/com/cloud/network/NetworkProfile.java b/api/src/com/cloud/network/NetworkProfile.java index 64da475b91d..7f735bd0e02 100644 --- a/api/src/com/cloud/network/NetworkProfile.java +++ b/api/src/com/cloud/network/NetworkProfile.java @@ -51,6 +51,7 @@ public class NetworkProfile implements Network { private String networkDomain; private boolean isSecurityGroupEnabled; private List tags; + private boolean isDomainSpecific; public NetworkProfile(Network network) { this.id = network.getId(); 
@@ -74,6 +75,7 @@ public class NetworkProfile implements Network { this.networkDomain = network.getNetworkDomain(); this.domainId = network.getDomainId(); this.isSecurityGroupEnabled = network.isSecurityGroupEnabled(); + this.isDomainSpecific = network.isDomainSpecific(); } @Override @@ -205,4 +207,10 @@ public class NetworkProfile implements Network { public boolean isSecurityGroupEnabled() { return isSecurityGroupEnabled; } + + @Override + public boolean isDomainSpecific() { + return isDomainSpecific; + } + } diff --git a/api/src/com/cloud/network/NetworkService.java b/api/src/com/cloud/network/NetworkService.java index d44a9f02448..2353ae086aa 100644 --- a/api/src/com/cloud/network/NetworkService.java +++ b/api/src/com/cloud/network/NetworkService.java @@ -38,7 +38,7 @@ import com.cloud.user.Account; public interface NetworkService { - List getVirtualNetworksOwnedByAccountInZone(String accountName, long domainId, long zoneId); + List getVirtualNetworksForAccountInZone(String accountName, long domainId, long zoneId); List listNetworkOfferings(); diff --git a/server/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java b/server/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java index cc6ca6b0f99..4fc2dbb98aa 100644 --- a/server/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java +++ b/server/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java @@ -71,7 +71,6 @@ import com.cloud.utils.component.ComponentLocator; import com.cloud.utils.component.Inject; import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.db.DB; -import com.cloud.utils.db.GlobalLock; import com.cloud.utils.db.Transaction; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.utils.nio.Link; diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index 4c8f814e502..6e4e4d9386b 100755 --- a/server/src/com/cloud/configuration/Config.java 
+++ b/server/src/com/cloud/configuration/Config.java @@ -248,7 +248,9 @@ public enum Config { SubDomainNetworkAccess("Advanced", NetworkManager.class, Boolean.class, "allow.subdomain.network.access", "true", "Allow subdomains to use networks dedicated to their parent domain(s)", null), EncodeApiResponse("Advanced", ManagementServer.class, Boolean.class, "encode.api.response", "false", "Do UTF-8 encoding for the api response, false by default", null), DnsBasicZoneUpdates("Advanced", NetworkManager.class, String.class, "network.dns.basiczone.updates", "all", "This parameter can take 2 values: all (default) and pod. It defines if DHCP/DNS requests have to be send to all dhcp servers in cloudstack, or only to the one in the same pod", "all,pod"), - ClusterMessageTimeOutSeconds("Advanced", ManagementServer.class, Integer.class, "cluster.message.timeout.seconds", "300", "Time (in seconds) to wait before a inter-management server message post times out.", null); + ClusterMessageTimeOutSeconds("Advanced", ManagementServer.class, Integer.class, "cluster.message.timeout.seconds", "300", "Time (in seconds) to wait before a inter-management server message post times out.", null), + DomainVirtualNetgwork("Advanced", NetworkManager.class, Boolean.class, "domain.level.virtual.network", "false", "True if domain level virtual network is supported, false otherwise", null); + private final String _category; private final Class _componentClass; diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index 81b0adc6a70..8d6411bd40c 100755 --- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java 
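Review bot: The new enum constant in `Config` is spelled `DomainVirtualNetgwork`, and the misspelling is already referenced from `NetworkManagerImpl` as `Config.DomainVirtualNetgwork.key()`, so it will spread with every new caller. Rename it to `DomainVirtualNetwork` while only one use exists; the key string `domain.level.virtual.network` is unaffected. The description text could also say that enabling the flag makes the create-network path reject account-level virtual networks, which is what this commit implements.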
@@ -2024,7 +2024,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura if (associateIpRangeToAccount) { _networkMgr.associateIpAddressListToAccount(userId, account.getId(), zoneId, vlan.getId(), network); if (network == null) { - List networks = _networkMgr.getVirtualNetworksOwnedByAccountInZone(account.getAccountName(), account.getDomainId(), zoneId); + List networks = _networkMgr.getVirtualNetworksForAccountInZone(account.getAccountName(), account.getDomainId(), zoneId); network = networks.get(0); } if (network == null) { diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java index f2afeca5e95..770ef06e0d6 100644 --- a/server/src/com/cloud/network/NetworkManager.java +++ b/server/src/com/cloud/network/NetworkManager.java @@ -104,7 +104,7 @@ public interface NetworkManager extends NetworkService { * TODO * @return - list of IP addresses */ - List listPublicIpAddressesInVirtualNetwork(long accountId, long dcId, Boolean sourceNat, Long associatedNetworkId); + List listPublicIpAddressesInVirtualNetwork(Long accountId, long dcId, Boolean sourceNat, Long associatedNetworkId); List setupNetwork(Account owner, NetworkOfferingVO offering, DeploymentPlan plan, String name, String displayText, boolean isShared, boolean isDefault) throws ConcurrentOperationException; @@ -201,11 +201,13 @@ public interface NetworkManager extends NetworkService { String getIpOfNetworkElementInVirtualNetwork(long accountId, long dataCenterId); - List listNetworksForAccount(long accountId, long zoneId, GuestIpType guestType, Boolean isDefault); + List listNetworksForAccount(long accountId, long zoneId, GuestIpType guestType, Boolean isDefault, long domainId); IPAddressVO markIpAsUnavailable(long addrId); public String acquireGuestIpAddress(Network network, String requestedIp); String getGlobalGuestDomainSuffix(); + + boolean isDomainGuestVirtualNetworkSupported(); } 
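Review bot: `networks.get(0)` in the `ConfigurationManagerImpl` hunk is reached without checking that the list is non-empty, so an account with no virtual network in the zone gets an `IndexOutOfBoundsException` and the `if (network == null)` branch below cannot fire for that case. With the renamed lookup the list can also hold a domain-level network when `domain.level.virtual.network` is on, so the first element is no longer necessarily owned by `account`. Guard it, for example `network = networks.isEmpty() ? null : networks.get(0);`, and confirm that binding an account's IP range to a domain-shared network is intended. The enclosing method starts and ends outside the hunk.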
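Review bot: `listPublicIpAddressesInVirtualNetwork` in `NetworkManager` now takes a nullable `Long accountId`, but the Javadoc above it (still carrying `TODO`) does not say what null means. In the implementation a null `accountId` drops the account filter, so a caller that passes null by mistake gets addresses belonging to every account that matches the remaining criteria. Document it on the interface, e.g. `@param accountId owner to filter by; null returns addresses of all accounts`. The new `domainId` argument of `listNetworksForAccount` in the following hunk has no documentation either.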
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 8f30d51736c..348c8cc49bf 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -232,6 +232,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag String _networkDomain; int _cidrLimit; boolean _allowSubdomainNetworkAccess; + boolean _supportDomainLevelVirtualNetwork; private Map _configs; @@ -375,7 +376,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } IPAddressVO sourceNat = null; - List addrs = listPublicIpAddressesInVirtualNetwork(ownerId, dcId, null, network.getId()); + List addrs = listPublicIpAddressesInVirtualNetwork(null, dcId, true, network.getId()); if (addrs.size() == 0) { // Check that the maximum number of public IPs for the given accountId will not be exceeded if (_accountMgr.resourceLimitExceeded(owner, ResourceType.public_ip)) { @@ -383,7 +384,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } if (s_logger.isDebugEnabled()) { - s_logger.debug("assigning a new ip address in " + dcId + " to " + owner); + s_logger.debug("assigning a new source nat ip address in " + dcId + " to " + owner + " for the network " + network); } // If account has Account specific ip ranges, try to allocate ip from there 
@@ -512,13 +513,17 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } @Override - public List getVirtualNetworksOwnedByAccountInZone(String accountName, long domainId, long zoneId) { + public List getVirtualNetworksForAccountInZone(String accountName, long domainId, long zoneId) { Account owner = _accountMgr.getActiveAccount(accountName, domainId); if (owner == null) { throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", permission denied"); } - return _networksDao.listBy(owner.getId(), zoneId, GuestIpType.Virtual); + if (_supportDomainLevelVirtualNetwork) { + return _networksDao.listDomainSpecificNetworks(domainId, zoneId, GuestIpType.Virtual); + } else { + return _networksDao.listBy(owner.getId(), zoneId, GuestIpType.Virtual); + } } @Override @@ -561,7 +566,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag // Check that network belongs to IP owner - skip this check for Basic zone as there is just one guest network, and it // belongs to the system - if (zone.getNetworkType() != NetworkType.Basic && network.getAccountId() != ipOwner.getId()) { + + if (!network.getIsShared() && network.getAccountId() != ipOwner.getId()) { throw new InvalidParameterValueException("The owner of the network is not the same as owner of the IP"); } @@ -811,6 +817,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag _executor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("Network-Scavenger")); _allowSubdomainNetworkAccess = Boolean.valueOf(_configs.get(Config.SubDomainNetworkAccess.key())); + _supportDomainLevelVirtualNetwork = Boolean.valueOf(_configs.get(Config.DomainVirtualNetgwork.key())); s_logger.info("Network Manager is configured."); 
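Review bot: The rewritten ownership check in the `@@ -561` hunk skips the owner comparison for every shared network, and nothing visible in the hunk replaces it with a domain check. For a domain-specific shared network this appears to let an IP owned by an account in an unrelated domain be associated with the network, since only `!network.getIsShared()` gates the exception. Consider adding a domain check for that case, e.g. `if (network.isDomainSpecific() && !isNetworkAvailableInDomain(network.getId(), ipOwner.getDomainId())) { throw new InvalidParameterValueException("..."); }`. The comment above the condition still describes the Basic-zone exception that the new condition no longer tests. The enclosing method continues outside the hunk, so such a check may exist there.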
@@ -837,9 +844,13 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } @Override - public List listPublicIpAddressesInVirtualNetwork(long accountId, long dcId, Boolean sourceNat, Long associatedNetworkId) { + public List listPublicIpAddressesInVirtualNetwork(Long accountId, long dcId, Boolean sourceNat, Long associatedNetworkId) { SearchCriteria sc = IpAddressSearch.create(); - sc.setParameters("accountId", accountId); + + if (accountId != null) { + sc.setParameters("accountId", accountId); + } + sc.setParameters("dataCenterId", dcId); if (associatedNetworkId != null) { sc.setParameters("associatedWithNetworkId", associatedNetworkId); @@ -869,7 +880,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } try { - if (predefined == null || (predefined.getCidr() == null && predefined.getBroadcastUri() == null && predefined.getBroadcastDomainType() != BroadcastDomainType.Vlan)) { + if (predefined == null || (predefined.getCidr() == null && predefined.getBroadcastUri() == null && predefined.getBroadcastDomainType() != BroadcastDomainType.Vlan && !isShared)) { List configs = _networksDao.listBy(owner.getId(), offering.getId(), plan.getDataCenterId()); if (configs.size() > 0) { if (s_logger.isDebugEnabled()) { @@ -882,7 +893,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return configs; } } - } else if (predefined != null && predefined.getCidr() != null && predefined.getBroadcastUri() == null && predefined.getBroadcastUri() == null) { + } else if (predefined != null && predefined.getCidr() != null && predefined.getBroadcastUri() == null && predefined.getBroadcastUri() == null && !isShared) { List configs = _networksDao.listBy(owner.getId(), offering.getId(), plan.getDataCenterId(), predefined.getCidr()); if (configs.size() > 0) { if (s_logger.isDebugEnabled()) { 
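Review bot: In the first condition of the `@@ -869` hunk the added `!isShared` sits inside the parenthesised group, so `predefined == null` still enters the reuse branch for shared networks. The `@@ -1679` hunk shows shared networks being assigned to the system account, so `_networksDao.listBy(owner.getId(), offering.getId(), plan.getDataCenterId())` could hand back a network that was created for a different domain; whether `predefined` can be null on that path is not visible here. If reuse must never apply to shared networks, write `if (!isShared && (predefined == null || (...)))`. The `else if` in the following hunk also tests `predefined.getBroadcastUri() == null` twice, where the second test was probably meant for another field.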
@@ -1526,8 +1537,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag // Check if the network is domain specific if (cmd.getDomainId() != null && cmd.getAccountName() == null) { - if (networkOffering.getTrafficType() != TrafficType.Guest || networkOffering.getGuestType() != GuestIpType.Direct) { - throw new InvalidParameterValueException("Domain level networks are supported just for traffic type " + TrafficType.Guest + " and guest Ip type " + GuestIpType.Direct); + if (networkOffering.getTrafficType() != TrafficType.Guest) { + throw new InvalidParameterValueException("Domain level networks are supported just for traffic type " + TrafficType.Guest); } else if (isShared == null || !isShared) { throw new InvalidParameterValueException("Network dedicated to domain should be shared"); } else { @@ -1536,6 +1547,20 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag throw new InvalidParameterValueException("Unable to find domain by id " + cmd.getDomainId()); } _accountMgr.checkAccess(caller, domain); + + if (networkOffering.getGuestType() == GuestIpType.Virtual) { + //1) Don't allow to create domain level virtual network when domain.level.virtual.network is set to false + //2) don't allow to create more than one domain level Virtual network + + if (!_supportDomainLevelVirtualNetwork) { + throw new InvalidParameterValueException("Domain level virtual network is not supported"); + } + + if (!_networksDao.listDomainSpecificNetworks(domain.getId(), zoneId, networkOffering.getGuestType()).isEmpty()) { + throw new InvalidParameterValueException("Domain id=" + domain.getId() + " already has Guest Virtual domain level network in zone id" + zoneId); + } + } + isDomainSpecific = true; } } 
@@ -1626,6 +1651,10 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag Long domainId = null; if (isDomainSpecific) { domainId = cmd.getDomainId(); + } else if (!isShared) { + if (_supportDomainLevelVirtualNetwork) { + throw new InvalidParameterValueException("Account level virtual network is not supported when domain level network support is enabled"); + } } Network network = createNetwork(networkOfferingId, name, displayText, isShared, isDefault, zoneId, gateway, cidr, vlanId, networkDomain, owner, false, domainId, tags); @@ -1670,8 +1699,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } else { isDefault = true; } - if (isShared != null && isShared) { - throw new InvalidParameterValueException("Can specify isShared parameter for Direct networks only"); + if (isShared != null && isShared && domainId == null) { + throw new InvalidParameterValueException("Can specify isShared parameter for Direct networks and Virtual Domain level networks only"); } } else { if (isDefault == null) { @@ -1679,7 +1708,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } } - // if network is shared, defult its owner to be system + // if network is shared, default its owner to be system if (isShared) { owner = _accountMgr.getSystemAccount(); } 
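Review bot: The new `else if (!isShared)` branch in the `@@ -1626` hunk rejects every non-shared network when `_supportDomainLevelVirtualNetwork` is set, although the message speaks only of account-level virtual networks. The guest type is not tested, so an account-level Direct network appears to be refused as well; adding `networkOffering.getGuestType() == GuestIpType.Virtual` to the condition would match the message. `isShared` is compared with null in the `@@ -1526` hunk (`isShared == null || !isShared`), which looks like the same method, so unless it is normalised in the lines between the hunks, `!isShared` can throw a `NullPointerException` on unboxing; `!Boolean.TRUE.equals(isShared)` avoids that.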
@@ -1881,15 +1910,17 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag List networksToReturn = new ArrayList(); if (sharedNetworkDomainId != null) { - networksToReturn.addAll(listDomainLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, type, isDefault, trafficType, isShared), searchFilter, sharedNetworkDomainId)); - } else { + networksToReturn.addAll(listDomainLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, type, isDefault, trafficType, isShared), searchFilter, sharedNetworkDomainId, GuestIpType.Virtual)); + networksToReturn.addAll(listDomainLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, type, isDefault, trafficType, isShared), searchFilter, sharedNetworkDomainId, GuestIpType.Direct)); + } else { + SearchBuilder domainSearch = _domainDao.createSearchBuilder(); domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); networksToReturn.addAll(listDomainSpecificNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, type, isDefault, trafficType, isShared), searchFilter, path)); } + - //if domain id is specified - list only domain level networks if (accountId != null || (domainId == null && accountName == null)) { networksToReturn.addAll(listAccountSpecificAndZoneLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, type, isDefault, trafficType, isShared), searchFilter, accountId, path)); } 
@@ -1942,17 +1973,22 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } - private List listDomainLevelNetworks(SearchCriteria sc, Filter searchFilter, long domainId) { + private List listDomainLevelNetworks(SearchCriteria sc, Filter searchFilter, long domainId, GuestIpType guestIpType) { + //For direct networks, we list all networks from parent domains (only when _allowSubdomainNetworkAccess is true) + //For virtual networks, list only networks belonging to the same domain Set allowedDomains = new HashSet(); - if (_allowSubdomainNetworkAccess) { + if (_allowSubdomainNetworkAccess && guestIpType == GuestIpType.Direct) { allowedDomains = _accountMgr.getDomainParentIds(domainId); } else { allowedDomains.add(domainId); } sc.addJoinAnd("domainNetworkSearch", "domainId", SearchCriteria.Op.IN, allowedDomains.toArray()); + sc.addAnd("guestType", SearchCriteria.Op.EQ, guestIpType); + return _networksDao.search(sc, searchFilter); + } private List listAccountSpecificAndZoneLevelNetworks(SearchCriteria sc, Filter searchFilter, Long accountId, String path) { @@ -2612,7 +2648,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag txn.start(); if (network == null) { - List networks = getVirtualNetworksOwnedByAccountInZone(owner.getAccountName(), owner.getDomainId(), zoneId); + List networks = getVirtualNetworksForAccountInZone(owner.getAccountName(), owner.getDomainId(), zoneId); if (networks.size() == 0) { createNetwork = true; } else { 
@@ -2623,7 +2659,13 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag // create new Virtual network for the user if it doesn't exist if (createNetwork) { List offerings = _configMgr.listNetworkOfferings(TrafficType.Guest, false); - network = createNetwork(offerings.get(0).getId(), owner.getAccountName() + "-network", owner.getAccountName() + "-network", false, null, zoneId, null, null, null, null, owner, false, null, null); + Long domainId = null; + boolean isNetworkShared = false; + if (isDomainGuestVirtualNetworkSupported()) { + domainId = owner.getDomainId(); + isNetworkShared = true; + } + network = createNetwork(offerings.get(0).getId(), owner.getAccountName() + "-network", owner.getAccountName() + "-network", isNetworkShared, null, zoneId, null, null, null, null, owner, false, domainId, null); if (network == null) { s_logger.warn("Failed to create default Virtual network for the account " + accountId + "in zone " + zoneId); 
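Review bot: The block that derives `domainId` and `isNetworkShared` from `isDomainGuestVirtualNetworkSupported()` is repeated here and in two `UserVmManagerImpl` hunks (`@@ -2208` and `@@ -3331`), and all three create the domain-wide network by calling `createNetwork` directly. That path does not run the checks the API path adds in the `@@ -1536` hunk (`_accountMgr.checkAccess(caller, domain)` and the one-network-per-domain test), and the lookup-then-create sequence has no visible lock, so two accounts of one domain acting at the same time could each create a domain-level network. Consider a single helper on `NetworkManager` that performs the lookup, the uniqueness check and the creation together. The network is also still named `owner.getAccountName() + "-network"` although it is now shared by the whole domain.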
@@ -2824,14 +2866,14 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } @Override - public List listNetworksForAccount(long accountId, long zoneId, GuestIpType guestType, Boolean isDefault) { + public List listNetworksForAccount(long accountId, long zoneId, GuestIpType guestType, Boolean isDefault, long domainId) { List accountNetworks = new ArrayList(); List zoneNetworks = _networksDao.listByZone(zoneId); for (NetworkVO network : zoneNetworks) { NetworkOfferingVO no = _networkOfferingDao.findById(network.getNetworkOfferingId()); if (!no.isSystemOnly()) { - if (network.getIsShared() || !_networksDao.listBy(accountId, network.getId()).isEmpty()) { + if ((network.getIsShared() && !network.isDomainSpecific()) || (network.getIsShared() && network.isDomainSpecific && isNetworkAvailableInDomain(network.getId(), domainId)) || !_networksDao.listBy(accountId, network.getId()).isEmpty()) { if ((guestType == null || guestType == network.getGuestType()) && (isDefault == null || isDefault.booleanValue() == network.isDefault)) { accountNetworks.add(network); } @@ -2898,10 +2940,15 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag s_logger.trace("Network id=" + networkId + " is not shared"); return false; } + + if (network.isDomainSpecific() && network.getGuestType() == GuestIpType.Virtual && !_supportDomainLevelVirtualNetwork) { + s_logger.trace("Network of Guest Virtual Domain specific type is not supported"); + return false; + } List networkDomainMap = _networkDomainDao.listDomainNetworkMapByNetworkId(networkId); if (networkDomainMap.isEmpty()) { - s_logger.trace("Network id=" + networkId + " is shared, but not domain specific"); + s_logger.trace("Network id=" + networkId + " is shared, but not domain specific, assuming it's a zone wide network"); return true; } else { networkDomainId = networkDomainMap.get(0).getDomainId(); 
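Review bot: The new condition in `listNetworksForAccount` reads the field `network.isDomainSpecific` in one place and calls `network.isDomainSpecific()` in another, and it repeats `network.getIsShared()`. It is easier to audit as `network.getIsShared() && (!network.isDomainSpecific() || isNetworkAvailableInDomain(network.getId(), domainId))` followed by the existing `|| !_networksDao.listBy(accountId, network.getId()).isEmpty()`. `domainId` is a separate argument that callers must keep consistent with `accountId`; a Javadoc line stating that it must be the account's own domain would keep a caller from widening visibility by passing a different one.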
@@ -2911,7 +2958,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return true; } - if (_allowSubdomainNetworkAccess) { + if (_allowSubdomainNetworkAccess && network.getGuestType() == GuestIpType.Direct) { Set parentDomains = _accountMgr.getDomainParentIds(domainId); if (parentDomains.contains(domainId)) { @@ -3136,4 +3183,9 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag public String getGlobalGuestDomainSuffix() { return _networkDomain; } + + @Override + public boolean isDomainGuestVirtualNetworkSupported() { + return _supportDomainLevelVirtualNetwork; + } } diff --git a/server/src/com/cloud/network/NetworkVO.java b/server/src/com/cloud/network/NetworkVO.java index 597eee8ea23..bbb33217b98 100644 --- a/server/src/com/cloud/network/NetworkVO.java +++ b/server/src/com/cloud/network/NetworkVO.java @@ -452,6 +452,7 @@ public class NetworkVO implements Network { this.created = created; } + @Override public boolean isDomainSpecific() { return isDomainSpecific; } diff --git a/server/src/com/cloud/network/dao/NetworkDao.java b/server/src/com/cloud/network/dao/NetworkDao.java index 94c2831095b..0650692b412 100644 --- a/server/src/com/cloud/network/dao/NetworkDao.java +++ b/server/src/com/cloud/network/dao/NetworkDao.java @@ -64,4 +64,6 @@ public interface NetworkDao extends GenericDao { List listNetworksBy(boolean isShared); List listByZoneIncludingRemoved(long zoneId); + + List listDomainSpecificNetworks(long domainId, long zoneId, GuestIpType guestType); } diff --git a/server/src/com/cloud/network/dao/NetworkDaoImpl.java b/server/src/com/cloud/network/dao/NetworkDaoImpl.java index dac59335d41..f6a2e0f3e1c 100644 --- a/server/src/com/cloud/network/dao/NetworkDaoImpl.java +++ b/server/src/com/cloud/network/dao/NetworkDaoImpl.java 
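Review bot: Inside the branch that the `@@ -2911` hunk narrows to Direct networks, the unchanged test `parentDomains.contains(domainId)` asks whether the caller's own domain is in its own parent set rather than whether the network's domain is. `listDomainLevelNetworks` uses `getDomainParentIds(domainId)` as the complete allowed set, which suggests the set includes the domain itself; if so this test is always true and any domain passes for any domain-specific Direct network. It likely should be `parentDomains.contains(networkDomainId)`. The method starts and ends outside the hunk, so the surrounding returns are not visible.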
@@ -23,6 +23,8 @@ import java.util.Random; import javax.ejb.Local; import javax.persistence.TableGenerator; +import com.cloud.dc.ClusterVO; +import com.cloud.dc.HostPodVO; import com.cloud.network.Network.GuestIpType; import com.cloud.network.NetworkAccountDaoImpl; import com.cloud.network.NetworkAccountVO; @@ -34,6 +36,7 @@ import com.cloud.network.Networks.TrafficType; import com.cloud.utils.component.ComponentLocator; import com.cloud.utils.db.DB; import com.cloud.utils.db.GenericDaoBase; +import com.cloud.utils.db.GenericSearchBuilder; import com.cloud.utils.db.JoinBuilder; import com.cloud.utils.db.JoinBuilder.JoinType; import com.cloud.utils.db.SearchBuilder; @@ -51,6 +54,7 @@ public class NetworkDaoImpl extends GenericDaoBase implements N final SearchBuilder AccountNetworkSearch; final SearchBuilder ZoneBroadcastUriSearch; final SearchBuilder ZoneSecurityGroupSearch; + final SearchBuilder DomainSpecificSearch; NetworkAccountDaoImpl _accountsDao = ComponentLocator.inject(NetworkAccountDaoImpl.class); NetworkDomainDaoImpl _domainsDao = ComponentLocator.inject(NetworkDomainDaoImpl.class); @@ -111,6 +115,15 @@ public class NetworkDaoImpl extends GenericDaoBase implements N ZoneSecurityGroupSearch.done(); _tgMacAddress = _tgs.get("macAddress"); + + DomainSpecificSearch = createSearchBuilder(); + DomainSpecificSearch.and("guestType", DomainSpecificSearch.entity().getGuestType(), Op.EQ); + + SearchBuilder domainNetworkSearch = _domainsDao.createSearchBuilder(); + domainNetworkSearch.and("domainId", domainNetworkSearch.entity().getDomainId(), Op.EQ); + + DomainSpecificSearch.join("domainNetworkSearch", domainNetworkSearch, domainNetworkSearch.entity().getNetworkId(), DomainSpecificSearch.entity().getId(), JoinBuilder.JoinType.INNER); + DomainSpecificSearch.done(); } 
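Review bot: `DomainSpecificSearch` in the `@@ -111` hunk is built with only a `guestType` condition and the `domainId` join, so it has no zone condition, and `listDomainSpecificNetworks` in the later `@@ -307` hunk accepts `zoneId` but never uses it. Callers in this commit rely on the zone filter: `getVirtualNetworksForAccountInZone` can return a network from another zone, and the "already has Guest Virtual domain level network in zone" check rejects a second zone once any zone has one. Add `DomainSpecificSearch.and("dataCenterId", DomainSpecificSearch.entity().getDataCenterId(), Op.EQ);` to the builder and `sc.setParameters("dataCenterId", zoneId);` in the method. The import hunks above also add `ClusterVO`, `HostPodVO` and `GenericSearchBuilder`, none of which is used in the visible changes.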
@@ -307,4 +320,17 @@ public class NetworkDaoImpl extends GenericDaoBase implements N sc.setParameters("dataCenterId", zoneId); return listIncludingRemovedBy(sc); } + + @Override + public List listDomainSpecificNetworks(long domainId, long zoneId, GuestIpType guestType) { + + SearchCriteria sc = DomainSpecificSearch.create(); + + if (guestType != null) { + sc.setParameters("guestType", guestType); + } + + sc.setJoinParameters("domainNetworkSearch", "domainId", domainId); + return listBy(sc); + } } diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index 003a17fbb17..8b82877c323 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -73,6 +73,7 @@ import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.OperationTimedoutException; import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceUnavailableException; +import com.cloud.network.IPAddressVO; import com.cloud.network.NetworkManager; import com.cloud.network.NetworkVO; import com.cloud.network.RemoteAccessVpnVO; 
@@ -1149,6 +1150,23 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag s_logger.debug("Account specific Virtual IP ranges " + " are successfully deleted as a part of account id=" + accountId + " cleanup."); } } + + //Release ip addresses belonging to shared Domain level Virtual network + List ipsToRelease = _ipAddressDao.listByAccount(accountId); + Long associatedNetworkId = null; + if (!ipsToRelease.isEmpty()) { + associatedNetworkId = ipsToRelease.get(0).getAssociatedWithNetworkId(); + s_logger.debug("Releasing public ip addresses belonging to account id=" + accountId + " and associated with domain level network id=" + associatedNetworkId); + for (IPAddressVO ipToRelease : ipsToRelease) { + assert (ipToRelease.getAssociatedWithNetworkId() == associatedNetworkId) : "How come account has ip addresses associated with multiple domain level Virtual Guest Networks?"; + if (!_networkMgr.releasePublicIpAddress(ipToRelease.getId(), callerUserId, caller)) { + s_logger.warn("Unable to release public ip address id=" + ipToRelease.getId() + " assocaited with domain level network " + ipToRelease.getId() + " as a part of network cleanup"); + accountCleanupNeeded = true; + } + } + + } + return true; } finally { diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index 6fe8073d94e..512e6493829 100755 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java @@ -2208,6 +2208,13 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager // Verify that caller can perform actions in behalf of vm owner _accountMgr.checkAccess(caller, owner); + + Long domainId = null; + boolean isNetworkShared = false; + if (_networkMgr.isDomainGuestVirtualNetworkSupported()) { + domainId = owner.getDomainId(); + isNetworkShared = true; + } if (networkIdList == null || networkIdList.isEmpty()) { NetworkVO defaultNetwork = null; 
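Review bot: The `s_logger.warn` call in the release loop of the `@@ -1149` hunk prints `ipToRelease.getId()` twice, so the value after `domain level network` is the IP id, not the network id; it should be `ipToRelease.getAssociatedWithNetworkId()`, and `assocaited` is misspelled. The `assert` compares `getAssociatedWithNetworkId()` with the `Long associatedNetworkId` using `==`; if the getter returns a boxed `Long`, that is a reference comparison and can fail for equal ids, so compare with `equals` after a null check. `_ipAddressDao.listByAccount(accountId)` returns every address of the account, so the comment and the debug message claim more than the code knows about the network type. A failed release sets `accountCleanupNeeded` yet the code still reaches `return true`; the `finally` block is outside the hunk, so confirm the flag is acted on there.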
@@ -2220,15 +2227,17 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager // 2) If Availability=Optional, search for default networks for the account. If it's more than 1, throw an error. // If it's 0, and there are no default direct networks, create default Guest Virtual network + List defaultVirtualOffering = _networkOfferingDao.listByTrafficTypeAndGuestType(false, TrafficType.Guest, GuestIpType.Virtual); if (defaultVirtualOffering.get(0).getAvailability() == Availability.Required) { - // get Virtual netowrks - List virtualNetworks = _networkMgr.listNetworksForAccount(owner.getId(), zone.getId(), GuestIpType.Virtual, true); + // get Virtual networks + List virtualNetworks = _networkMgr.listNetworksForAccount(owner.getId(), zone.getId(), GuestIpType.Virtual, true, owner.getDomainId()); if (virtualNetworks.isEmpty()) { s_logger.debug("Creating default Virtual network for account " + owner + " as a part of deployVM process"); - Network newNetwork = _networkMgr.createNetwork(defaultVirtualOffering.get(0).getId(), owner.getAccountName() + "-network", owner.getAccountName() + "-network", false, null, - zone.getId(), null, null, null, null, owner, false, null, null); + + Network newNetwork = _networkMgr.createNetwork(defaultVirtualOffering.get(0).getId(), owner.getAccountName() + "-network", owner.getAccountName() + "-network", isNetworkShared, null, + zone.getId(), null, null, null, null, owner, false, domainId, null); defaultNetwork = _networkDao.findById(newNetwork.getId()); } else if (virtualNetworks.size() > 1) { throw new InvalidParameterValueException("More than 1 default Virtaul networks are found for account " + owner + "; please specify networkIds"); 
@@ -2236,12 +2245,12 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager defaultNetwork = virtualNetworks.get(0); } } else { - List defaultNetworks = _networkMgr.listNetworksForAccount(owner.getId(), zone.getId(), null, true); + List defaultNetworks = _networkMgr.listNetworksForAccount(owner.getId(), zone.getId(), null, true, owner.getDomainId()); if (defaultNetworks.isEmpty()) { if (defaultVirtualOffering.get(0).getAvailability() == Availability.Optional) { s_logger.debug("Creating default Virtual network for account " + owner + " as a part of deployVM process"); - Network newNetwork = _networkMgr.createNetwork(defaultVirtualOffering.get(0).getId(), owner.getAccountName() + "-network", owner.getAccountName() + "-network", false, null, - zone.getId(), null, null, null, null, owner, false, null, null); + Network newNetwork = _networkMgr.createNetwork(defaultVirtualOffering.get(0).getId(), owner.getAccountName() + "-network", owner.getAccountName() + "-network", isNetworkShared, null, + zone.getId(), null, null, null, null, owner, false, domainId, null); defaultNetwork = _networkDao.findById(newNetwork.getId()); } else { throw new InvalidParameterValueException("Unable to find default networks for account " + owner); 
@@ -3331,10 +3340,16 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager } for (NetworkVO oldNet: oldNetworks){ long networkOffering = oldNet.getNetworkOfferingId(); - List virtualNetworks = _networkMgr.listNetworksForAccount(newAccount.getId(), zone.getId(), GuestIpType.Virtual, true); + List virtualNetworks = _networkMgr.listNetworksForAccount(newAccount.getId(), zone.getId(), GuestIpType.Virtual, true, newAccount.getDomainId()); if (virtualNetworks.isEmpty()) { - Network newNetwork = _networkMgr.createNetwork(networkOffering, newAccount.getAccountName() + "-network", newAccount.getAccountName() + "-network", false, null, - vm.getDataCenterIdToDeployIn(), null, null, null, null, newAccount, false, null, null); + Long domainId = null; + boolean isNetworkShared = false; + if (_networkMgr.isDomainGuestVirtualNetworkSupported()) { + domainId = newAccount.getDomainId(); + isNetworkShared = true; + } + Network newNetwork = _networkMgr.createNetwork(networkOffering, newAccount.getAccountName() + "-network", newAccount.getAccountName() + "-network", isNetworkShared, null, + vm.getDataCenterIdToDeployIn(), null, null, null, null, newAccount, false, domainId, null); defaultNetwork = _networkDao.findById(newNetwork.getId()); } else if (virtualNetworks.size() > 1) { throw new InvalidParameterValueException("More than 1 default Virtaul networks are found for account " + newAccount + "; please specify networkIds");