[pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?
Alexandre DERUMIER
aderumier at odiso.com
Wed Jan 24 09:56:56 CET 2018
>>I just think there are many ways to provide that interconnect layer, basically
>>any VPN or SDN solution?
yes, generaly SDN solution have their own gateway system, to interconnect virtual and physical world.
openvswitch ovn : http://docs.openvswitch.org/en/latest/topics/high-availability/
opencontrail: http://www.opencontrail.org/category/Gateway/
vmware nsx edge: https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-3F96DECE-33FB-43EE-88D7-124A730830A4.html
In this case, you need an sdn controller somewhere, and manage it with api.
If we want to use linux stack,we need to implement this by ourself with vxlan/iptables nat/dhcp (and proxmox cluster is the sdn "controller" )
(With plugins, I think it can be done, as it's almost the same for all kinds of sdn : manage gateway, manage nat, s-nat, dhcp,....)
Personnaly, I'm more to focus on linux stack first to have something working without external controller.
> I think it doesn't break the current model, as the firewall is done on the
> fwbr between the vmbr and the tap interface.
>>not a problem then (if it works).
I'll test today.
----- Mail original -----
De: "dietmar" <dietmar at proxmox.com>
À: "aderumier" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Mercredi 24 Janvier 2018 09:21:54
Objet: Re: [pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?
> >>Besides, I would start with something simpler than that. Maybe a virtual
> >>network with NAT...
>
> If you want something simpler (so without vxlan-evpnbgp, or anycast gateway),
> the only way is to manage central "network node" which handle
> nat,s-nat,dhcp,..,
> like classic openstack model. (and need to manage failover)
>
I just think there are many ways to provide that interconnect layer, basically
any VPN or SDN solution?
> >>We need to make sure that we can provide firewall service for those
> >>'virtual' networks.
>
> I think it doesn't break the current model, as the firewall is done on the
> fwbr between the vmbr and the tap interface.
not a problem then (if it works).
More information about the pve-devel
mailing list