[pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?
Alexandre DERUMIER
aderumier at odiso.com
Wed Jan 24 09:04:18 CET 2018
>>Besides, I would start with something simpler than that. Maybe a virtual
>>network with NAT...
>>>If you want something simpler (so without vxlan-evpnbgp, or anycast gateway), the only way is to manage central "network node" which handle nat,s-nat,dhcp,..,
>>>like classic openstack model. (and need to manage failover)
I think it could be done too with vxlan (without bgp), so with multicast learning or even unicast.
crm service could manage gateway failover on central network node,public ip and nat rules failover.
it's not too different from my ebgp-vxlan proposal.
proxmoxnode1--<vmbrvxlan1>------------proxmoxnode2(networknode)----------<vmbrvxlan1 + gateway ip>-----nat 1:1-----public ip ----->default gateway
| |
|failover |failover
| |
promoxnode3(failover network node)-<vmbrvxlan1 + gateway ip>-----nat 1:1-----public ip ----->default gateway
could be defined with
---------------------
vxlan: tenantnetwork1
gateway_address 10.0.1.1/24
gateway_macaddress a2:ed:21:06:e7:48
gateway_nodes : proxmoxnode2,proxmoxnode3
vni 1
learning (multicast|anycast)
----- Mail original -----
De: "aderumier" <aderumier at odiso.com>
À: "dietmar" <dietmar at proxmox.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Mercredi 24 Janvier 2018 07:33:01
Objet: Re: [pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?
Yes, that looks reasonable to me.
>>Besides, I would start with something simpler than that. Maybe a virtual
>>network with NAT...
If you want something simpler (so without vxlan-evpnbgp, or anycast gateway), the only way is to manage central "network node" which handle nat,s-nat,dhcp,..,
like classic openstack model. (and need to manage failover)
>>We need to make sure that we can provide firewall service for those 'virtual' networks.
I think it doesn't break the current model, as the firewall is done on the fwbr between the vmbr and the tap interface.
(or do you want to implement firewall at the router level ?)
----- Mail original -----
De: "dietmar" <dietmar at proxmox.com>
À: "aderumier" <aderumier at odiso.com>, "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Mercredi 24 Janvier 2018 06:52:22
Objet: Re: [pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?
> global
> ------
> /etc/pve/networks.cfg
>
> vxlanebgp: tenantnetwork1
> gateway_address 10.0.1.1/24
> gateway_macaddress a2:ed:21:06:e7:48
> vni 1
> loopback myvxlanloopback
>
>
> vxlanebgp: tenantnetwork2
> gateway_address 10.0.2.1/24
> gateway_macaddress a2:ed:21:06:e7:48
> vni 2
> dstport 4789
> learningmode nolearning
>
>
>
> Then, we need to create some network plugin, to hook on tap_plug/unplug
> (we could have a standard bridge plugin, an ovs plugin, an vxlanebgp plugin,
> another custom plugin,...)
Yes, that looks reasonable to me.
Besides, I would start with something simpler than that. Maybe a virtual
network with NAT... We need to make sure that we can provide firewall service
for those 'virtual' networks.
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list