[Openstack-operators] SDN for hybridcloud, does it really exist?

Neil Jerram neil at tigera.io
Tue Oct 4 11:54:28 UTC 2016

Previous message: [Openstack-operators] SDN for hybridcloud, does it *really* exist?
Next message: [Openstack-operators] Reserve an external network for 1 tenant
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Jonathan,

There's also Calico [1,2], which in its simplest form (and as currently
implemented):

- uses just IP routing (v4 and/or v6)‎ to connect workloads (VMs /
containers / pods / bare metal)

- has a security model that works across workloads hosted in different
clouds, and so can specify whether and how hybrid cloud workloads should be
able to talk to each other (and an agent, Felix, that implements that
model).

(That does imply a couple of restrictions: that current Calico doesn’t
support (1) workloads that genuinely need to be L2-adjacent to each other,
and (2) overlapping IPs or "bring your own addressing." We have plans for
those if they're really needed, and in the meantime we're seeing plenty of
interest in adoption where those points aren't needed, and the simplicity
and scalability of Calico's approach are attractive.)

One of the reasons for choosing a flat routed IP model was precisely so
that workloads just fit into whatever network infrastructure is already
there — and a big driver for that was so that interconnection between “in
cluster” and “out of cluster” resources would be completely straightforward
(not requiring on/off ramps, configuring virtual router ports, mapping
between VLANs, etc.)

Calico has been separately integrated for some time with OpenStack,
Kubernetes and Docker, and there's work underway to demonstrate hybrid
cloud combinations of those, I hope in Barcelona.

I hope that's of interest; sorry for replying relatively late to this
thread.

      Neil


[1] http://docs.openstack.org/developer/networking-calico/
[2] https://www.projectcalico.org/


On Mon, Oct 3, 2016 at 6:54 PM Jonathan Proulx <jon at csail.mit.edu> wrote:

>
> So my sense from responses so far:
>
> No one is doing unified SDN solutions across clouds and no one really
> wants to.
>
> Consensus is just treat each network island like another remote DC and
> use normal VPN type stuff to glue them together.
>
> ( nod to http://romana.io an interesting looking network and security
> automation project as a network agnostic alternative to SDN for
> managing cross cloud policy on whatever networks are available. )
>
> -Jon
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20161004/042bbb6f/attachment.html>

Previous message: [Openstack-operators] SDN for hybridcloud, does it *really* exist?
Next message: [Openstack-operators] Reserve an external network for 1 tenant
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the OpenStack-operators mailing list