[pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?

Alexandre DERUMIER aderumier at odiso.com
Wed Jan 24 09:56:56 CET 2018


>>I just think there are many ways to provide that interconnect layer, basically 
>>any VPN or SDN solution? 

yes, generaly SDN solution have their own gateway system, to interconnect virtual and physical world.

openvswitch ovn : http://docs.openvswitch.org/en/latest/topics/high-availability/
opencontrail: http://www.opencontrail.org/category/Gateway/
vmware nsx edge: https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-3F96DECE-33FB-43EE-88D7-124A730830A4.html

In this case, you need an sdn controller somewhere, and manage it with api.


If we want to use linux stack,we need to implement this by ourself with vxlan/iptables nat/dhcp (and proxmox cluster is the sdn "controller" )

(With plugins, I think it can be done, as it's almost the same for all kinds of sdn : manage gateway, manage nat, s-nat, dhcp,....)


Personnaly, I'm more to focus on linux stack first to have something working without external controller.





> I think it doesn't break the current model, as the firewall is done on the 
> fwbr between the vmbr and the tap interface. 

>>not a problem then (if it works). 

I'll test today.

----- Mail original -----
De: "dietmar" <dietmar at proxmox.com>
À: "aderumier" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Mercredi 24 Janvier 2018 09:21:54
Objet: Re: [pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?

> >>Besides, I would start with something simpler than that. Maybe a virtual 
> >>network with NAT... 
> 
> If you want something simpler (so without vxlan-evpnbgp, or anycast gateway), 
> the only way is to manage central "network node" which handle 
> nat,s-nat,dhcp,.., 
> like classic openstack model. (and need to manage failover) 
> 

I just think there are many ways to provide that interconnect layer, basically 
any VPN or SDN solution? 

> >>We need to make sure that we can provide firewall service for those 
> >>'virtual' networks. 
> 
> I think it doesn't break the current model, as the firewall is done on the 
> fwbr between the vmbr and the tap interface. 

not a problem then (if it works). 




More information about the pve-devel mailing list