Obsolete:Networking

= Networking Overview =

Live notes may be taken for this topic at: http://etherpad.openstack.org/Networking

== Nova Implementation ==
=== Current implementation ===
 * Private networking and VPNs
 * Instances attached to separated VLAN tagged bridges
 * IP Address allocation handled by API
 * DHCP Server assigns addresses

attachment:NovaNetworkingDiagram.png

==== Instance launch network steps ====
 * On Network Node
  * If vlan doesn't exist:
   * create vlan and bridge for project
   * run dhcp server bridged into vlan
  * generate mac address
  * if cloudpipe instance:
   * give specific ip to instance
  * else:
   * find free private ip
  * configure dhcp server with mac and ip
 * On Compute Node
  * If vlan doesn't exist:
   * create vlan and bridge for project
  * Spawn vm and nic with specified mac address
  * Bridge the vm nic into the project vlan
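
The network-node half of the launch steps above, as an added Python example that is not Nova's own code. Assumptions not taken from this page: the `NetworkNode` class and its method names, VLAN ids starting at 100, one /24 per project carved from 10.0.0.0/16, `.1` kept for the gateway and `.2` for the cloudpipe instance, and DHCP bindings written as `mac,ip` lines.

```python
import ipaddress
import random

FIRST_VLAN = 100        # assumption: first VLAN id handed out
CLOUDPIPE_INDEX = 1     # assumption: hosts[0] (.1) is the gateway, hosts[1] (.2) is cloudpipe

class NetworkNode:
    """Toy model of the network-node steps; all names here are hypothetical."""

    def __init__(self, supernet="10.0.0.0/16", prefix=24, seed=None):
        self._subnets = ipaddress.ip_network(supernet).subnets(new_prefix=prefix)
        self._rng = random.Random(seed)
        self._macs = set()
        self.projects = {}   # project -> vlan, bridge, net, leases {mac: ip}

    def _ensure_vlan(self, project):
        # "If vlan doesn't exist: create vlan and bridge for project"
        if project not in self.projects:
            vlan = FIRST_VLAN + len(self.projects)
            if vlan > 4094:
                raise RuntimeError("out of 802.1Q VLAN ids")
            self.projects[project] = {"vlan": vlan, "bridge": f"br{vlan}",
                                      "net": next(self._subnets), "leases": {}}
        return self.projects[project]

    def _new_mac(self):
        # Locally administered unicast MAC (first octet 02); retry on collision.
        while True:
            tail = ":".join(f"{self._rng.randrange(256):02x}" for _ in range(5))
            if tail not in self._macs:
                self._macs.add(tail)
                return "02:" + tail

    def allocate(self, project, cloudpipe=False):
        net = self._ensure_vlan(project)
        mac = self._new_mac()              # "generate mac address"
        hosts, used = list(net["net"].hosts()), set(net["leases"].values())
        if cloudpipe:                      # "give specific ip to instance"
            candidates = hosts[CLOUDPIPE_INDEX:CLOUDPIPE_INDEX + 1]
        else:                              # "find free private ip"
            candidates = hosts[CLOUDPIPE_INDEX + 1:]
        ip = next((h for h in candidates if h not in used), None)
        if ip is None:
            raise RuntimeError(f"no free address in {net['net']}")
        net["leases"][mac] = ip            # "configure dhcp server with mac and ip"
        return {"vlan": net["vlan"], "bridge": net["bridge"], "mac": mac, "ip": str(ip)}

    def dhcp_hosts(self, project):
        # One static binding per line, "mac,ip", for the project's DHCP server.
        return [f"{mac},{ip}" for mac, ip in self.projects[project]["leases"].items()]
```

Because each project gets its own VLAN, bridge and subnet, a lease in one project never lands in another project's address range, and the DHCP server only answers for MACs the network node generated.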

==== Volume creation network steps ====
 * volume node creates lvm
 * volume node exposes lvm using vblade-persist

==== Volume attach network steps ====
 * compute node discovers volume
 * compute node attaches volume to vm as pci device

==== IP association ====
 * Find free public ip
 * Associate the ip with public interface
 * Set up iptables rules to forward to private ip

=== Future implementation ===
 * Pluggable Network Implementation
 * Support for flat networking model
 * Support for IP injection
 * Network is its own worker process and uses queue
 * Support for dedicated network hardware

== Rackspace Implementation ==
=== Current implementation ===
 * Flat Network Design
 * Networking configurations injected into instances, or pulled via a Guest Agent
 * IPs pulled from Cluster Controller per network group.
 * Instances protected by various IPTables, Ebtables, Arptables rules
  * Protects instances from IP/MAC Address Spoofing
  * Protects instances from ARP Poisoning Attacks
 * Host machines connect to three Datacenter Networks: public, service-net, management-net
  * Management-net is used for communication from controllers to host.
 * Instances connected to a single bridge for each network: public, service-net
 * Bandwidth throttling.

=== Future implementation ===
 * Addition of host-net bridge for internal communication from Instances.
  * Needed for hypervisor-agnostic communication between Host and Guest (we can't rely only on XenStore).
  * IPs assigned via DHCP over local host network.
  * Is this an additional guest network interface, or does this piggyback on an existing one?
 * Open vSwitch
  * Instance networking protection rules could be pushed into the vSwitch.

== IPv6 ==
IPv6 should have first-class support; we can derive IPv4 address binding with the IPv6 to IPv6 mapping space and configuration options.

IPv4 Countdown Clock