[Openstack-operators] SDN for hybridcloud, does it *really* exist?

Clint Byrum clint at fewbar.com
Sat Oct 1 21:39:38 UTC 2016


Excerpts from Jonathan Proulx's message of 2016-09-30 10:15:26 -0400:
> 
> Starting to think refactoring my SDN world (currently just neutron
> ml2/ovs inside OpenStack) in preparation for maybe finally lighting up
> that second Region I've been threatening for the past year...
> 
> Networking is always the hardest design challenge.  Has anyone seen my
> unicorn?  I dream of something that first works with neutron of course
> but also can extend the same network features to hardware outside
> openstack and into random public cloud infrastructures through VM and/or
> containerised gateways.  Also I don't want to hire a whole networking
> team to run it.
> 
> I'm fairly certain this is still fantasy though I've heard various
> vendors promise the earth and stars but I'd love to hear if anyone is
> actually getting close to this in production systems and if so what
> your experience has been like.
> 

I know it's hard to believe, but this world was foretold long ago and
what you want requires no special equipment or changes to OpenStack,
just will-power.  You can achieve it now if you can use operating system
versions published in the last 5 or so years.

The steps to do this:

1) Fix your apps to work via IPv6
2) Fix your internal users to have v6 native
3) Attach your VMs and containers to a provider network with v6 subnets
4) Use IPSec and firewalls for critical isolation. (What we use L2
   separation for now)

This is not complicated, but your SDN vendor probably doesn't want you
to know that. You can still attach v4 addresses to your edge endpoints
so they can talk to legacy stuff while you migrate. But the idea here
is, if you control both ends of a connection, there is no reason you
should still be using v4 except tradition.
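
Step 4 above, sketched as an added example that is not part of the original message: on a shared, routed v6 provider network, a default-deny policy keyed on prefixes takes the place of L2 separation, with IPsec required on the sensitive path. The zone names, prefixes (documentation range 2001:db8::/32) and ports are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample zones: one /64 per role on the same provider network.
ZONES = {
    "office": ipaddress.ip_network("2001:db8:f0::/64"),
    "web": ipaddress.ip_network("2001:db8:10::/64"),
    "db": ipaddress.ip_network("2001:db8:20::/64"),
}


@dataclass(frozen=True)
class Rule:
    src: str              # source zone name
    dst: str              # destination zone name
    port: int             # destination port
    ipsec_required: bool  # flow must arrive inside an IPsec SA


# Constructed policy: everything not listed here is denied.
POLICY = [
    Rule("office", "web", 443, ipsec_required=False),
    Rule("web", "db", 5432, ipsec_required=True),
]


def zone_of(addr):
    """Map an address to its zone; v4 and unknown v6 addresses map to None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        return None
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def decide(src, dst, port, ipsec=False):
    """Return 'allow' or 'deny' for one flow, denying by default."""
    s, d = zone_of(src), zone_of(dst)
    if s is None or d is None:
        return "deny"
    for rule in POLICY:
        if (rule.src, rule.dst, rule.port) == (s, d, port):
            # A rule that demands IPsec rejects the same flow in cleartext.
            return "allow" if (ipsec or not rule.ipsec_required) else "deny"
    return "deny"
```

Because every zone is routable to every other, the rule table is the only thing keeping "office" away from "db"; a flow with no matching rule is denied rather than falling through.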


