[openstack-dev] [neutron] openwrt VM as service

Guo, Ruijing ruijing.guo at intel.com
Wed Apr 15 07:37:23 UTC 2015

I’d like to propose openwrt VM as service.

What’s openWRT VM as service:

a) Tenant can download openWRT VM from http://downloads.openwrt.org/
b) Tenant can create WAN interface from external public network
c) Tenant can create private network and create instance from private network
d) Tenant can configure openWRT for several services including DHCP, route, QoS, ACL and VPNs.

What needs to change in neutron:

a) Neutron supports creating a port for the openWRT VM. (I assume it already supports it and just needs integration)
b) Move metadata proxy to openWRT VM.

Why does openstack need it?

a) It is easy for the tenant to configure/customize network service. Especially, openstack doesn’t support specified VPN. Tenant can configure VPN and doesn’t need to develop a new one and request the cloud admin to deploy a new VPN.
b) It is easy for openstack to deploy new network service.

Case 1: SNAT load balance. (We may propose it in neutron)

Currently, neutron l3 supports one gateway IP. Neutron L3 does SNAT from private network to public network.

   Private network -----SNAT--- public network

If the public network is down, all private networks cannot access the external network.

If we do SNAT load balance, private network can do SNAT to 2 public networks.
How to implement in openwrt VM:

1. Create port1 from public network 1
2. Create port2 from public network 2
3. Create port3 from private network
4. Create openwrt VM including port1, port2 and port3
5. Configure openwrt to do SNAT load balance from private network to public network 1 and public network 2

Case 2: VPN Service

I want to use OpenVPN. Without openwrt VM, I need to develop OpenVPN as a VPN plugin and ask the openstack admin to deploy it (possibly, the openstack cloud admin rejects it)

How to implement in openwrt VM:

1. Create port1 from public network 1
2. Create port2 from private network
3. Create vpn server/client
4. NAT from private network to vpn network

What do you think?
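
Step 5 of Case 1, sketched as an added example that is not part of the original post: one way to do it on OpenWrt is the mwan3 multi-WAN package, which the post does not name and is assumed here. The interface names wan1, wan2 and lan (for port1, port2 and port3), the probe address and the 1:1 weights are constructed, and the three interfaces are assumed to be already defined in /etc/config/network with a distinct route metric on each uplink.

```uci
# /etc/config/firewall
# Masquerade (SNAT) on both uplinks, so a flow is rewritten to the
# address of whichever public network mwan3 routes it through.
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
config zone
	option name 'wan'
	list network 'wan1'
	list network 'wan2'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
config forwarding
	option src 'lan'
	option dest 'wan'

# /etc/config/mwan3
# Probe each uplink; an uplink whose probes fail is taken out of the policy.
# 192.0.2.1 is a constructed placeholder for a reachable probe target.
config interface 'wan1'
	option enabled '1'
	list track_ip '192.0.2.1'
config interface 'wan2'
	option enabled '1'
	list track_ip '192.0.2.1'
# Same metric on both members means balancing; weight sets the split.
config member 'wan1_m1'
	option interface 'wan1'
	option metric '1'
	option weight '1'
config member 'wan2_m1'
	option interface 'wan2'
	option metric '1'
	option weight '1'
config policy 'balanced'
	list use_member 'wan1_m1'
	list use_member 'wan2_m1'
config rule 'default_v4'
	option dest_ip '0.0.0.0/0'
	option use_policy 'balanced'
```

Neutron's port security applies anti-spoofing rules to instance ports by default, so the OpenWrt VM's ports need an allowed-address-pairs entry or port security disabled before it can forward other hosts' traffic.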
