[Openstack-operators] SDN for hybridcloud, does it *really* exist?
Clint Byrum
clint at fewbar.com
Mon Oct 3 00:06:02 UTC 2016
Excerpts from Curtis's message of 2016-10-02 16:22:52 -0600:
> On Sat, Oct 1, 2016 at 3:39 PM, Clint Byrum <clint at fewbar.com> wrote:
> > Excerpts from Jonathan Proulx's message of 2016-09-30 10:15:26 -0400:
> >>
> >> Starting to think about refactoring my SDN world (currently just neutron
> >> ml2/ovs inside OpenStack) in preparation for maybe finally lighting up
> >> that second Region I've been threatening for the past year...
> >>
> >> Networking is always the hardest design challenge. Has anyone seen my
> >> unicorn? I dream of something that first works with neutron of course
> >> but also can extend the same network features to hardware outside
> >> openstack and into random public cloud infrastructures through VM and/or
> >> containerised gateways. Also I don't want to hire a whole networking
> >> team to run it.
> >>
> >> I'm fairly certain this is still fantasy though I've heard various
> >> vendors promise the earth and stars but I'd love to hear if anyone is
> >> actually getting close to this in production systems and if so what
> >> your experience has been like.
> >>
> >
> > I know it's hard to believe, but this world was foretold long ago and
> > what you want requires no special equipment or changes to OpenStack,
> > just will-power. You can achieve it now if you can use operating system
> > versions published in the last 5 or so years.
> >
> > The steps to do this:
> >
> > 1) Fix your apps to work via IPv6
> > 2) Fix your internal users to have v6 native
> > 3) Attach your VMs and containers to a provider network with v6 subnets
> > 4) Use IPSec and firewalls for critical isolation. (What we use L2
> > separation for now)
> >
> > This is not complicated, but your SDN vendor probably doesn't want you
> > to know that. You can still attach v4 addresses to your edge endpoints
> > so they can talk to legacy stuff while you migrate. But the idea here
> > is, if you control both ends of a connection, there is no reason you
> > should still be using v4 except tradition.
>
> It would be great for everyone to use ipv6. However, I'm not sure what
> major public clouds support it. For example I'm pretty sure AWS does
> not (maybe for some services). I'd love to be wrong on that. :)
>
IPv6 is already rolling out on Amazon [1] (ELB also has had IPv6 for quite
some time), though right now that only helps you for egress traffic from
your own cloud (EC2 won't give your instances a native IPv6 address).
You can still use a tunnel provider to use ipv6 on AWS, just like any
other hosting provider.

However, another idea is, take your business elsewhere, to a provider
that _will_ give you IPv6, and will also run a cloud that is aligned
with your interests as an OpenStack user [2].

[1] https://aws.amazon.com/blogs/aws/now-available-ipv6-support-for-amazon-s3/
[2] https://www.openstack.org/marketplace/public-clouds/