Open Stack

I'd like to announce networking-calico, a new project within the Neutron
stadium to provide OpenStack integration pieces for Project Calico
[1][2].  In a sentence, Calico is a backend that uses routing and
iptables to provide IP-level connectivity between VMs, instead of - as
most Neutron backends do - using bridging to provide an effective L2
broadcast domain.  You can read about why that might be interesting at
[1][2], or in more OpenStack-centric terms at [3].

Calico's semantics are not fully describable by the current Neutron API,
and I plan to contribute to API and data model work to address this. 
Discussion about that has already begun at [3] and in the email thread
about 'routed, segmented networks' [4], and I hope it will continue
through the end of this cycle, in Tokyo, and during Mitaka.

For a practical deployment, though, and with some semantic caveats [5],
Calico-style connectivity can be used already in an OpenStack cluster - 
and we have several operator partners interested in and trialling that. 
My team has been developing and refining this since Icehouse, using
Calico-specific patches to Nova and Neutron, but we are now within
touching distance, we think, of working with vanilla OpenStack when
Liberty is released.  We released our v1.0 milestone of the core Calico
code last week [14], our Nova patches were merged in July, and we have
the following core Neutron patches currently in review.

[6] https://review.openstack.org/#/c/205181/
[7] https://review.openstack.org/#/c/206078/
[8] https://review.openstack.org/#/c/206077/
[9] https://review.openstack.org/#/c/206079/

These patches have been through many cycles of review - thanks in
particular to Cedric and Oleg - and are now, I believe, fully tested and
polished.  They make small generalizations to the DHCP agent code so
that a networking-calico-provided interface driver will be able to use
it, instead of having to provide a parallel DHCP agent implementation. 
I would particularly appreciate if Neutron core reviewers would consider
reviewing and approving [6] and [7] now, as they are the changes that
would be messiest if I had to reimplement them out-of-tree using some
kind of subclassing approach.

Then the plan for networking-calico is that it will contain docs, an ML2
mechanism driver, a DHCP interface driver, and a Devstack plugin for
Calico.  These aren't yet at [10], but I will be getting on with that
shortly, and you can already see those pieces in other forms (which will
be retired) at [11], [12] and [13].  Hence, within the next few weeks, I
hope that networking-calico and the vanilla Neutron tree (+ the core
Calico project) will provide a complete demonstration of this kind of
networking.

Looking ahead, we will also set up a regular IRC meeting for people
interested in networking-calico.  I'll write again at the time, but
please do let me know if you'd like to be pinged when that is being
arranged.

Many thanks for your attention - please do let me know if you have
questions!

    Neil



[1] http://www.projectcalico.org/
[2] http://docs.projectcalico.org/en/latest/
[3] https://review.openstack.org/#/c/198439/
[4] http://lists.openstack.org/pipermail/openstack-dev/2015-July/070028.html
[5] http://docs.projectcalico.org/en/latest/calico-neutron-api.html
[10] https://git.openstack.org/cgit/openstack/networking-calico
[11] https://github.com/projectcalico/calico/tree/master/calico/openstack
[12] https://review.openstack.org/#/c/197578/
[13] https://github.com/projectcalico/calico/tree/routed/devstack
[14] http://www.projectcalico.org/announcing-calico-v1-0/