[pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?

Alexandre DERUMIER aderumier at odiso.com
Tue Jan 30 09:19:42 CET 2018


I have thought about the external gateway with vxlan ebgp, it's not so difficult.

1) If the upstream router can't do BGP or another routing protocol, we simply need to manage 
an HA VIP on our side (VRRP) for the ingress traffic from the router and routed inside the vxlan. 
The egress traffic will go out directly from the proxmox nodes. 

This is asymmetric routing. 

This should work with public hosting, like OVH (you have your failover IP, which is the HA VIP, 
and your different RIPE blocks are routed in the proxmox vxlan). 



2) If a routing protocol exists between the proxmox nodes and the router, the router can send 
traffic directly to the correct proxmox node (symmetric routing). 


I have attached an svg schema to this mail. 




----- Original message ----- 
From: "aderumier" <aderumier at odiso.com> 
To: "dietmar" <dietmar at proxmox.com> 
Cc: "pve-devel" <pve-devel at pve.proxmox.com> 
Sent: Tuesday 30 January 2018 00:02:55 
Subject: Re: [pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ? 

>>Looks we simply need a flexible plugin architecture ... 

I think, first, we can try to implement only the virtual network, without focusing on the external gateway. 


I see 2 good candidates: 

for linux bridge : vxlan ebgp-vpn 
for ovs : ovn network (http://openvswitch.org/support/slides/OVN_LinuxCon_Toronto.pdf) 


Both have almost the same architecture. 

-a distributed controlplane controller. (vxlan ebgp: a routing daemon like frr/quagga, ovn : ovn controller). 
It can be deployed on all proxmox nodes 

-a distributed "anycast" local router 
-VMs can use them as gateway. we can implement dhcp,dns,cloudinit. 
-we can get ip/mac from control plane. (could be used to add auto ipfiltering on vm firewall for example, maybe other stuff) 

So 

1) implement the "network" create (create bridge/ovs, configure the controllers) 
2) configure the local router and services 



When this is implemented, we could focus on external network access. 

- ovn needs a gateway node 
- linux evpn-bgp can peer with an external router if bgp is supported, 
or use 1 gateway node with a simple default gw (+ a backup gateway node). 

then implement s-nat and floating ip as an option if the user wants them. 


and finally (next year ;) maybe other stuff like loadbalancing as a service, vpn as a service, 


what do you think about this ? 


----- Original message ----- 
From: "dietmar" <dietmar at proxmox.com> 
To: "Alexandre Derumier" <aderumier at odiso.com>, "pve-devel" <pve-devel at pve.proxmox.com> 
Sent: Monday 29 January 2018 12:22:09 
Subject: Re: [pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ? 

> It's not difficult if we can do bgp to the router, but I think Dietmar wants something 
> for users with a simple router/default gw (so with some proxy-arp trick). 

No, I still do not know what I want - too many options ;-) 

Looks we simply need a flexible plugin architecture ... 

_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 



