[openstack-dev] [nova] Exposing provider networks in network_data.json

Clint Byrum clint at fewbar.com
Mon Jul 20 18:22:02 UTC 2015


Excerpts from Sam Stoelinga's message of 2015-07-18 05:39:23 -0700:
> +1 on Kevin Benton's comments.
> Ironic should have integration with switches where the switches are SDN
> compatible. The individual bare metal node should not care which vlan,
> vxlan or other translation is programmed at the switch. The individual bare
> metal node just knows I have 2 nics and these are on Neutron network
> x. The SDN controller is responsible for making sure the baremetal node
> only has access to Neutron Network x through changing the switch
> configuration dynamically.
> 
> Making an individual baremetal have access to several vlans and letting the
> baremetal node configure a vlan tag at the baremetal node itself is a big
> security risk and should not be supported. Unless an operator specifically
> configures a baremetal node to be vlan trunk.
> 

Here's a baremetal use case we have currently in infra-cloud:

* network0 is the untagged VLAN, and is unroutable internal networking.
* network1 is tagged and is routable to the internet.

All of the baremetal machines are wired for both vlans, and will want to
communicate with machines on both vlans as well as the internet. Without
vlan info coming from neutron/nova, we have to manually force in
information about network1.  This requires the node creator to have
explicit knowledge of the network, which is a bit frustrating since
neutron already knows that network1 is on a particular tagged vlan
and could easily share this with the node if that is what we need to
have happen.

I'd love to say we could change how this works and just multi-home on
a single vlan. However, I'm pretty sure we won't be the last people to
want to boot machines with Ironic in an environment that does not have
the luxury of rewiring or reconfiguring all of the switch ports.


