VXLAN OpenVswitch

[Rémi Paeta <si...@gmail.com>]

Hi there,

Is there any plugin development planned to add VXLAN support with
OpenVswitch?
I saw that OpenStack and OpenNebula already have it.

Thank you in advance for your answers.

Re: VXLAN OpenVswitch

[Wido den Hollander <wi...@widodh.nl>]

On 10/25/22 09:04, Vladimir Dombrovski wrote:
> Hello Rémi/Wido/others,
> 
> We've tested this integration, I can confirm it doesn't work, I
> believe it's missing:
> - Some way to implement VXLAN in the OVS Plugin

Understood, that would be be some work.

> - A new VXLAN script that provisions VXLANs on OVS instead of the host
> (/usr/share/cloudstack-common/scripts/vm/network/vnet/modifyvxlan.sh)
> 

Also when you want to use a EVP+BGP+VXLAN underlay you need to modify 
this script.

We use VXLAN and EVPN in production extensively, but we have our own 
/usr/share/modifyvxlan.sh script on the hypervisors tailored to our 
situation. I don't see a generic script being able to handle all network 
topologies.

> As for why this is interesting: Openvswitch is an L2+L3 router that
> implements a lot of useful SDN functionality: QoS, Traffic monitoring,
> DDoS protection, Meshing* (requires additionally an SDN controller).
> Although none of these features are controllable by Cloudstack, they
> could be very useful in production setups that require more
> fine-grained network controls that iptables+linux bridges could offer
> (current vRouter setup), without having to invest in other more
> expensive integrations such as Netscaler/Juniper/F5/Bigswitch..., the
> long-term support of which is expensive, thus difficult (e.g.
> https://github.com/apache/cloudstack/issues/6381).
> 
> Vladimir
> 
>> On Mon, 24 Oct 2022 at 22:13, Wido den Hollander <wi...@widodh.nl> wrote:
>>
>>
>>
>> On 10/21/22 12:36, Rémi Paeta wrote:
>>> Hi there,
>>>
>>> Is there any plugin development planned to add VXLAN support with
>>> OpenVswitch?
>>
>> No, it's not. If somebody wants it, somebody has to step up to develop this.
>>
>> Can I ask what the benefit would be of Openvswitch with VXLAN vs the
>> Linux bridging? (I'm not very familiar with Openvswitch, but am with VXLAN).
>>
>> Wido
>>
>>> I saw that OpenStack and OpenNebula already have it.
>>>
>>> Thank you in advance for your answers.
>>>
> 

Re: VXLAN OpenVswitch

[Vladimir Dombrovski <vl...@bso.co>]

Hello Rémi/Wido/others,

We've tested this integration, I can confirm it doesn't work, I
believe it's missing:
- Some way to implement VXLAN in the OVS Plugin
- A new VXLAN script that provisions VXLANs on OVS instead of the host
(/usr/share/cloudstack-common/scripts/vm/network/vnet/modifyvxlan.sh)

As for why this is interesting: Openvswitch is an L2+L3 router that
implements a lot of useful SDN functionality: QoS, Traffic monitoring,
DDoS protection, Meshing* (requires additionally an SDN controller).
Although none of these features are controllable by Cloudstack, they
could be very useful in production setups that require more
fine-grained network controls that iptables+linux bridges could offer
(current vRouter setup), without having to invest in other more
expensive integrations such as Netscaler/Juniper/F5/Bigswitch..., the
long-term support of which is expensive, thus difficult (e.g.
https://github.com/apache/cloudstack/issues/6381).

Vladimir

> On Mon, 24 Oct 2022 at 22:13, Wido den Hollander <wi...@widodh.nl> wrote:
>
>
>
> On 10/21/22 12:36, Rémi Paeta wrote:
> > Hi there,
> >
> > Is there any plugin development planned to add VXLAN support with
> > OpenVswitch?
>
> No, it's not. If somebody wants it, somebody has to step up to develop this.
>
> Can I ask what the benefit would be of Openvswitch with VXLAN vs the
> Linux bridging? (I'm not very familiar with Openvswitch, but am with VXLAN).
>
> Wido
>
> > I saw that OpenStack and OpenNebula already have it.
> >
> > Thank you in advance for your answers.
> >

-- 
*CONFIDENTIALITY AND DISCLAIMER NOTICE: *
This email is intended only for 
the person to whom it is addressed and/or otherwise authorized personnel. 
The information contained herein and attached is confidential. If you are 
not the intended recipient, please be advised that viewing this message and 
any attachments, as well as copying, forwarding, printing, and 
disseminating any information related to this email is prohibited, and that 
you should not take any action based on the content of this email and/or 
its attachments. If you received this message in error, please contact the 
sender and destroy all copies of this email and any attachment. Please note 
that the views and opinions expressed herein are solely those of the author 
and do not necessarily reflect those of the company. While antivirus 
protection tools have been employed, you should check this email and 
attachments for the presence of viruses. No warranties or assurances are 
made in relation to the safety and content of this email and attachments. 
The Company accepts no liability for any damage caused by any virus 
transmitted by or contained in this email and attachments. No liability is 
accepted for any consequences arising from this email.


*AVIS DE 
CONFIDENTIALITÉ ET DE NON RESPONSABILITE* : 
Ce courriel, ainsi que toute 
pièce jointe, est confidentiel et peut être protégé par le secret 
professionnel. Si vous n’en êtes pas le destinataire visé, veuillez en 
aviser l’expéditeur immédiatement et le supprimer. Vous ne devez pas le 
copier, ni l’utiliser à quelque fin que ce soit, ni divulguer son contenu à 
qui que ce soit. BSO se réserve le droit de contrôler toute transmission 
qui passe par son réseau. Veuillez noter que les opinions exprimées dans 
cet e-mail sont uniquement celles de l'auteur et ne reflètent pas 
nécessairement celles de la société. Bien que des outils de protection 
antivirus aient été utilisés, vous devez vérifier cet e-mail et les pièces 
jointes pour toute présence de virus. Aucune garantie ou assurance n'est 
donnée concernant la sécurité et le contenu de cet e-mail et de ses pièces 
jointes. La Société décline toute responsabilité pour tout dommage causé 
par tout virus transmis par ou contenu dans cet e-mail et ses pièces 
jointes. Aucune responsabilité n'est acceptée pour les conséquences 
découlant de cet e-mail.

Re: VXLAN OpenVswitch

[Wido den Hollander <wi...@widodh.nl>]

On 10/21/22 12:36, Rémi Paeta wrote:
> Hi there,
> 
> Is there any plugin development planned to add VXLAN support with
> OpenVswitch?

No, it's not. If somebody wants it, somebody has to step up to develop this.

Can I ask what the benefit would be of Openvswitch with VXLAN vs the 
Linux bridging? (I'm not very familiar with Openvswitch, but am with VXLAN).

Wido

> I saw that OpenStack and OpenNebula already have it.
> 
> Thank you in advance for your answers.
>