Difference between revisions of "Obsolete:Networking"
m (Fifieldt moved page Networking to Obsolete:Networking)
(18 intermediate revisions by 4 users not shown)
Latest revision as of 15:50, 30 September 2013

Networking Overview

Live notes may be taken for this topic at: http://etherpad.openstack.org/Networking

Nova Implementation

Current implementation
- Private networking and VPNs
  - Instances attached to separate VLAN-tagged bridges
- IP address allocation handled by the API
- DHCP server assigns addresses

Diagram: NovaNetworkingDiagram.png

Instance launch network steps
- On the network node
  - If the project's VLAN doesn't exist:
    - create the VLAN and bridge for the project
    - run a DHCP server bridged into the VLAN
  - generate a MAC address
  - if it is a cloudpipe instance:
    - give the specific IP to the instance
  - else:
    - find a free private IP
  - configure the DHCP server with the MAC and IP
- On the compute node
  - If the project's VLAN doesn't exist:
    - create the VLAN and bridge for the project
  - Spawn the VM with a NIC using the specified MAC address
    - Bridge the VM NIC into the project VLAN

Volume creation network steps
- volume node creates the LVM volume
- volume node exposes the LVM volume using vblade-persist

Volume attach network steps
- compute node discovers the volume
- compute node attaches the volume to the VM as a PCI device

IP association
- Find a free public IP
- Associate the IP with the public interface
- Set up iptables rules to forward to the private IP
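The instance-launch and IP-association steps above, modelled in Python as an added example (not Nova's own code). The VLAN numbering, the MAC prefix, reserving the first host address for the gateway, and the exact ip/iptables command syntax are assumptions.

```python
# Model of the instance-launch and IP-association steps above (added example,
# not Nova's own code; VLAN numbering, MAC prefix and rule syntax are assumptions).
import ipaddress
import secrets

MAC_PREFIX = "02:16:3e"  # locally administered unicast prefix (assumption)

def project_vlan(project_index, base_vlan=100):
    """Each project gets its own VLAN tag and a bridge named after it."""
    vlan = base_vlan + project_index
    return vlan, f"br{vlan}"

def generate_mac(rng=secrets.token_bytes):
    """Random MAC under MAC_PREFIX; rng is injectable for deterministic tests."""
    return MAC_PREFIX + "".join(f":{b:02x}" for b in rng(3))

def find_free_private_ip(cidr, leased):
    """First host address of the project subnet not already handed out. The first
    host is reserved for the gateway; an exhausted subnet is an error, never a reuse."""
    hosts = ipaddress.ip_network(cidr).hosts()
    next(hosts)  # skip the gateway address
    taken = {ipaddress.ip_address(ip) for ip in leased}
    for ip in hosts:
        if ip not in taken:
            return str(ip)
    raise RuntimeError(f"no free private IP left in {cidr}")

def dhcp_host_entry(mac, ip, hostname):
    """dnsmasq dhcp-host line: the DHCP server hands this IP only to this MAC."""
    return f"{mac},{ip},{hostname}"

def network_node_commands(vlan, bridge, trunk="eth0"):
    """Create the project VLAN interface and bridge when they do not exist yet."""
    return [
        f"ip link add link {trunk} name {trunk}.{vlan} type vlan id {vlan}",
        f"ip link add {bridge} type bridge",
        f"ip link set {trunk}.{vlan} master {bridge}",
        f"ip link set {bridge} up",
    ]

def associate_public_ip(public_ip, private_ip, public_if="eth1"):
    """IP association: bind the public IP to the public interface, then DNAT
    inbound and SNAT outbound traffic so the instance keeps its private IP."""
    return [
        f"ip addr add {public_ip}/32 dev {public_if}",
        f"iptables -t nat -A PREROUTING -d {public_ip} -j DNAT --to {private_ip}",
        f"iptables -t nat -A OUTPUT -d {public_ip} -j DNAT --to {private_ip}",
        f"iptables -t nat -A POSTROUTING -s {private_ip} -j SNAT --to {public_ip}",
    ]
```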
Future implementation
- Pluggable network implementation
  - Support for a flat networking model
  - Support for IP injection
- Network is its own worker process and uses the queue
- Support for dedicated network hardware

Rackspace Implementation

Current implementation
- Flat network design
- Networking configuration injected into instances, or pulled via a guest agent
- IPs pulled from the cluster controller per network group
- Instances protected by various iptables, ebtables and arptables rules
  - Protects instances from IP/MAC address spoofing
  - Protects instances from ARP poisoning attacks
- Host machines connect to three datacenter networks: public, service-net, management-net
  - Management-net is used for communication from controllers to hosts
- Instances connected to a single bridge for each network: public, service-net
- Bandwidth throttling
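The per-instance spoofing and ARP-poisoning protections listed above, as an added example in Python (not Rackspace's or Nova's code): it emits the ebtables and iptables chains for one guest interface and evaluates individual frames against the same policy. The interface name, doing the ARP checks in ebtables rather than arptables, and the rule syntax are assumptions.

```python
# Per-instance anti-spoofing policy for the iptables/ebtables rules above (added
# example, not Rackspace's or Nova's code; interface names and rule syntax are assumptions).
from dataclasses import dataclass

@dataclass(frozen=True)
class VifPolicy:
    vif: str  # host-side interface of the guest NIC (assumed name)
    mac: str  # MAC assigned to the guest NIC
    ips: frozenset  # IPs assigned to the guest on that NIC

def ebtables_rules(p):
    """Layer 2: only the assigned MAC may send frames, and ARP sender fields
    must be the guest's own MAC/IP so it cannot poison neighbours' caches."""
    rules = [f"ebtables -A FORWARD -i {p.vif} -s ! {p.mac} -j DROP"]
    for ip in sorted(p.ips):
        rules.append(f"ebtables -A FORWARD -i {p.vif} -p ARP "
                     f"--arp-mac-src {p.mac} --arp-ip-src {ip} -j ACCEPT")
    rules.append(f"ebtables -A FORWARD -i {p.vif} -p ARP -j DROP")
    return rules

def iptables_rules(p):
    """Layer 3: drop IP packets from the VIF whose source IP is not assigned."""
    rules = [f"iptables -A FORWARD -m physdev --physdev-in {p.vif} -s {ip} -j ACCEPT"
             for ip in sorted(p.ips)]
    rules.append(f"iptables -A FORWARD -m physdev --physdev-in {p.vif} -j DROP")
    return rules

def frame_allowed(p, src_mac, src_ip=None, arp_sender_mac=None, arp_sender_ip=None):
    """Decision the chains above make for one frame leaving the guest; lets the
    policy be unit-tested before it is loaded on a host."""
    if src_mac.lower() != p.mac.lower():
        return False  # Ethernet source MAC spoofed
    if arp_sender_mac is not None:  # ARP frame: sender fields must match the guest
        return arp_sender_mac.lower() == p.mac.lower() and arp_sender_ip in p.ips
    return src_ip in p.ips  # IP frame: source address must be one assigned to the guest
```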
Future implementation
- Addition of a host-net bridge for internal communication from instances
  - Needed for hypervisor-agnostic communication between host and guest (we can't rely only on XenStore)
  - IPs assigned via DHCP over the local host network
  - Is this an additional guest network interface, or does it piggyback on an existing one?
- Open vSwitch (http://openvswitch.org/)
  - Instance networking protection rules could be pushed into the vSwitch

IPv6

IPv6 should have first-class support; we can derive IPv4 address binding with the IPv6 to IPv6 mapping space and configuration options.

IPv4 Countdown Clock: http://www.potaroo.net/tools/ipv4/index.html