[Openstack-operators] New networking solution for Cloud Native apps....
chris at romana.io
Wed Feb 3 20:48:47 UTC 2016
Hi Clint, the original Romana announcement message was also posted on
openstack-dev on Monday.
You bring up a good point w/Ironic. Will need to think about that a bit
On Wed, Feb 3, 2016 at 12:16 PM, Clint Byrum <clint at fewbar.com> wrote:
> Excerpts from Chris Marino's message of 2016-02-01 06:08:34 -0800:
> > Hello everyone, just wanted to let you know that today we opened up the
> > repos for the new open source networking project we’ve been working on.
> > It’s called Romana and the project site is romana.io.
> > Thought you would be interested because it enables multi-tenant
> > without a virtual network overlay. It's targeted for use with
> > that only need L3 networks so we’ve been able to eliminate and simplify
> > many things to make the network faster, and easier to build and operate.
> > If you run these kinds of Cloud Native apps on OpenStack (or even directly
> > on bare metal with Docker or Kubernetes), we’d love to hear what you
> > We’re still working on the container CNM/CNI integration. Any and all
> > feedback is welcome.
> > The code is on Github at github.com/romana and you can see how it all
> > with a demo we’ve set up that lets you install and run OpenStack on EC2
> > <http://romana.io/try_romana/openstack/>.
> > You can read about how Romana works on the project site, here
> > <http://romana.io/how/romana_basics/>. In summary, it extends the
> > network hierarchy of a layer 3 routed access design
> > <http://romana.io/how/background/#routed-access-datacenter> from spine
> > leaf switches on to hosts, VMs and containers.
> > This enables a very simple and intuitive tenancy model: For every tenant
> > (and each of their network segments) there is an actual physical network
> > CIDR on each host, with all tenants sharing the host-specific address
> > prefix. The advantage of this is that route aggregation makes route
> > distribution unnecessary and collapses the number of iptables rules
> > required for segment isolation. In addition, traffic policies, such as
> > security rules, can easily be applied to those tenant or segment specific
> > CIDRs across all hosts.
> > Any/all comments welcome.
> Really interesting, thanks Chris. For baremetal, which is a very real
> thing for users of OpenStack right now, this presents some challenges.
> The agents that sit on compute nodes in Romana are not going to be able
> to enforce any isolation themselves, since baremetal nodes will end
> up on the same L2. The agents would either have to get back into the
> business Neutron ML2 is in, of configuring switches through a mechanism
> driver, or servers would have to self-isolate, which may not be obvious
> or acceptable for some. I wonder if you've thought through any other
> solution to that particular problem.
> I also think you should share this on openstack-dev, as the developers
> may also be aware of other efforts that may conflict with or complement
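The tenancy model described in the quoted announcement (a tenant/segment CIDR on every host under a shared host-specific prefix), worked through as an added example that is not part of this thread or of Romana's code. The 10.0.0.0/8 block and the 8/4/4/8 bit split for host, tenant, segment and endpoint are assumptions chosen for illustration.

```python
import ipaddress

# Assumed layout inside 10.0.0.0/8 (illustrative, not taken from the post):
# | 8 bits "10" | 8 bits host | 4 bits tenant | 4 bits segment | 8 bits endpoint |
BASE = int(ipaddress.IPv4Address("10.0.0.0"))
HOST_BITS, TENANT_BITS, SEGMENT_BITS, ENDPOINT_BITS = 8, 4, 4, 8
SEG_SHIFT = ENDPOINT_BITS
TENANT_SHIFT = SEG_SHIFT + SEGMENT_BITS
HOST_SHIFT = TENANT_SHIFT + TENANT_BITS


def host_route(host):
    """Single aggregate route covering every tenant and segment on one host."""
    return ipaddress.IPv4Network((BASE | host << HOST_SHIFT, 32 - HOST_SHIFT))


def segment_cidr(host, tenant, segment):
    """The tenant/segment CIDR that exists on one particular host."""
    for value, bits in ((host, HOST_BITS), (tenant, TENANT_BITS),
                        (segment, SEGMENT_BITS)):
        if not 0 <= value < (1 << bits):
            raise ValueError("field value does not fit the assumed bit width")
    addr = BASE | host << HOST_SHIFT | tenant << TENANT_SHIFT | segment << SEG_SHIFT
    return ipaddress.IPv4Network((addr, 32 - SEG_SHIFT))


def tenant_segment(ip):
    """Recover (tenant, segment) from an address, whichever host it lives on."""
    n = int(ipaddress.IPv4Address(ip))
    if n >> 24 != BASE >> 24:
        raise ValueError("address is outside the assumed 10.0.0.0/8 block")
    return ((n >> TENANT_SHIFT) & ((1 << TENANT_BITS) - 1),
            (n >> SEG_SHIFT) & ((1 << SEGMENT_BITS) - 1))


def same_segment(src, dst):
    """Isolation decision that ignores the host and endpoint bits entirely."""
    return tenant_segment(src) == tenant_segment(dst)


if __name__ == "__main__":
    print(host_route(3))              # one route per host, no per-tenant routes
    print(segment_cidr(3, 2, 1))      # tenant 2, segment 1 as seen on host 3
    print(same_segment("10.3.33.7", "10.9.33.20"))  # same segment, two hosts
```

Because the tenant and segment fields sit at fixed bit positions under every host prefix, the same-segment decision is one masked comparison that is identical on every host, which is the property the announcement credits for collapsing the isolation rule count.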