Posted to dev@cloudstack.apache.org by Murali Reddy <Mu...@citrix.com> on 2013/12/19 13:24:39 UTC

[PROPOSAL] region level VPC and guest network spanning multiple zones

I would like to propose two networking model enhancements for the ACS 4.4
release that will enable building highly available applications. Currently,
a VPC in CloudStack is a zone level entity, so tiers within the VPC are
confined to the zone to which the VPC belongs. For an application deployed in
the current model of VPC, failure of the zone is a single point of failure. It
is desirable to make VPC a region level entity, where tiers in the VPC can
be created in different zones of the region. When tiers can be created in
different zones, an application hosted in a VPC can be architected to be highly
available, masking zone failures by having redundant tiers in different
zones. While it may be seen as a natural extension, there are fundamental
limitations with VLAN/traditional L2 based networking due to which
realizing it would be non-trivial or require special solutions [1].
Overlay networks [2] in the context of SDN & network virtualization
provide a way to build networks that are abstracted from the
physical/underlay network. An overlay network is typically built with
tunnels across the edge (vSwitches in the hypervisor), and the core is a plain
L3 network. With the requirement that L3 connectivity across zones and tunnels
can be established across the zones, an overlay network that spans multiple
zones is easily realized.

Given the range of SDN controllers that are integrated with CS, the goal of
this proposal is to leverage advances in SDN & network virtualization to
introduce the below generic notions into CS.

- an advanced zone isolated network that can span multiple zones
- a region level VPC where tiers belong to different zones.

I have opened bugs [3],[4] to track these two enhancements. As part of the
effort I would like to extend the current OVS plug-in (that builds overlay
network with GRE tunnels) to realise these two use-cases. I have opened
bug [5] to track this enhancement.

As long as we establish tunnels across the zones, we can have overlay
networks that are functional, but would be inefficient in handling
east-west traffic [6] and BUM traffic. While the problems exist in the
overlay networks that are confined to a zone as well, they are compounded
when the network spans multiple zones, resulting in high cross-zone
east-west traffic. I will be sending out a complementary proposal to
introduce distributed routing and ACLs for east-west traffic and ARP
localisation that will allow only legitimate cross-zone east-west traffic.

I will send out a functional specification with detailed requirements,
assumptions, limitations etc. once I make progress with these enhancements.
Please share any feedback and comments.

[1] http://www.networkworld.com/news/tech/2010/090310-layer2-data-center-interconnect.html
[2] http://etherealmind.com/introduction-to-how-overlay-networking-and-tunnel-fabrics-work/
[3] https://issues.apache.org/jira/browse/CLOUDSTACK-5567
[4] https://issues.apache.org/jira/browse/CLOUDSTACK-5568
[5] https://issues.apache.org/jira/browse/CLOUDSTACK-5569
[6] http://blog.ipspace.net/2011/02/traffic-trombone-what-it-is-and-how-you.html


Re: [PROPOSAL] region level VPC and guest network spanning multiple zones

Posted by Chiradeep Vittal <Ch...@citrix.com>.
Ah OK. Just want to make sure that traffic accounting for access to in-DC
services is separate even though it may go through the same interface as
the public traffic.

On 12/20/13 2:09 AM, "Murali Reddy" <Mu...@citrix.com> wrote:

>On 20/12/13 5:50 AM, "Chiradeep Vittal" <Ch...@citrix.com>
>wrote:
>
>>Is there any reason to restrict a subnet to a single zone? AFAIK, AWS VPC
>>lets you stretch a subnet across AZ.
>>This way you can replicate *within* the DB tier to another zone.
>
>As per [1], in AWS VPC "Each subnet must reside entirely within one
>Availability Zone and cannot span zones". However, for CS I don't think we
>should have this restriction. In the model I am proposing, the VPC VR is the
>gateway for outbound north-south traffic, then the subnet of each tier is
>stretched at least into the zone running the VPC VR anyway. So there is no
>reason to have this restriction. I will add tier/subnet stretching across
>multiple zones as an explicit requirement.
>
>
>[1] http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#VPCSubnet
>
>>
>>Also, once you introduce distributed routing, access to other datacenter
>>services (S3 for instance) from within the VM will still go through the
>>VR?
>
>I am proposing to enable distributed routing only for inter-tier traffic
>for 4.4. So the VPC VR will still continue to be the gateway. As a future
>enhancement, distributed routing for outbound traffic can be done.


Re: [PROPOSAL] region level VPC and guest network spanning multiple zones

Posted by Murali Reddy <Mu...@citrix.com>.
On 20/12/13 5:50 AM, "Chiradeep Vittal" <Ch...@citrix.com>
wrote:

>Is there any reason to restrict a subnet to a single zone? AFAIK, AWS VPC
>lets you stretch a subnet across AZ.
>This way you can replicate *within* the DB tier to another zone.

As per [1], in AWS VPC "Each subnet must reside entirely within one
Availability Zone and cannot span zones". However, for CS I don't think we
should have this restriction. In the model I am proposing, the VPC VR is the
gateway for outbound north-south traffic, then the subnet of each tier is
stretched at least into the zone running the VPC VR anyway. So there is no
reason to have this restriction. I will add tier/subnet stretching across
multiple zones as an explicit requirement.


[1] http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#VPCSubnet

>
>Also, once you introduce distributed routing, access to other datacenter
>services (S3 for instance) from within the VM will still go through the
>VR?

I am proposing to enable distributed routing only for inter-tier traffic
for 4.4. So the VPC VR will still continue to be the gateway. As a future
enhancement, distributed routing for outbound traffic can be done.




Re: [PROPOSAL] region level VPC and guest network spanning multiple zones

Posted by Chiradeep Vittal <Ch...@citrix.com>.
Is there any reason to restrict a subnet to a single zone? AFAIK, AWS VPC
lets you stretch a subnet across AZ.
This way you can replicate *within* the DB tier to another zone.

Also, once you introduce distributed routing, access to other datacenter
services (S3 for instance) from within the VM will still go through the VR?



Re: [PROPOSAL] region level VPC and guest network spanning multiple zones

Posted by Murali Reddy <Mu...@citrix.com>.
Sanjeev,

Please see answers inline. You may want to also check out
https://cwiki.apache.org/confluence/display/CLOUDSTACK/OVS+Tunnel+Manager+for+CloudStack
for general limitations etc.

Some of the questions are good points that need to be in the FS; I will add
them wherever appropriate.

On 09/04/14 4:54 AM, "Sanjeev Neelarapu" <sa...@citrix.com>
wrote:

>Hi ,
>
>Following are the review comments on the FS posted @
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Region+level+VPC+and+guest+network+spanning+multiple+zones:
>
>How many guest networks we can scale using SDN?

We could have a theoretical maximum of 2^32 - 1 GRE keys, so if CloudStack
can spin up networks in that order, there should not be any limitation
from OVS to create overlay networks.

>Do we support mixed networks in a zone (VLAN+Tunnel)?

Yes, it's possible to use VLAN and overlay networks in the same zone. There is
no constraint preventing it.

>Any limitation on the number of zones an SDN network can span?

No

>What are the services supported by SDN networks?
>What are the services supported by region level VPC?

There is no restriction on the services supported. Think of the OVS overlay
networking solution as an L2/L3 solution. You can still choose all the
services available for VLAN networks.

>With SDN networks do we support any external devices?

No, not at the moment, as external devices cannot understand tunnelled
(GRE) traffic.

>Do we support SGs with SDN?

No.

>Do we support monitoring for SDN controller and the GRE tunnels between
>the hosts across zones?

There is no real-time status gathering of whether tunnelling is functioning
as expected. Ideally, once you establish a tunnel it should just work as
seamlessly as VLANs.

>What are the alerts and events generated by the controller?

None.

>With SDNs do we support zones with mixed hypervisors?(e.g: zone1 with xen
>and zone2 with ESX)

Only XenServer, KVM are supported.

>If vpc is tied to a zone can we have the tiers spanned across multiple
>zones?

Yes

>If vpc is region level do we have control on the zone in which VR has to
>be deployed?

Yes, you still have to start creating a VPC in a zone.

>Networks spanning across multiple zones is applicable only to vpc
>networks(tiers) or any guest network which is not part of vpc as well?

Both for the VPC tiers and regular isolated/shared networks.

>Do we support SDNs in an upgraded environment?

Yes

>Can we upgrade vlan based networks to SDN and vice-versa?

Yes, it's possible.

>Upgrading zone level vpc to region level vpc and vice-versa?

No

>What are the external dependencies for the SDN to work (ports need to be
>opened on the zone level firewalls)?

Yes, GRE traffic needs to be permitted across the zones.
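
Added example, not part of the original thread or of CloudStack's code: because cross-zone GRE has to be allowed through the zone firewalls and the answers above note there is no tunnel monitoring, this sketch parses IPv4+GRE headers and accepts only traffic between known tunnel endpoints carrying a known GRE key. The zone subnets, the key-to-network map (assuming one GRE key per guest network) and all function names are assumptions made for the example.

```python
import ipaddress
import struct

GRE = 47        # IP protocol number of GRE
TEB = 0x6558    # GRE protocol type for a bridged Ethernet frame

# Constructed inventory (assumed for this example): hypervisor tunnel
# endpoint subnets per zone, and the GRE key assigned to each guest network.
ZONE_ENDPOINTS = {
    "zone1": ipaddress.ip_network("10.1.0.0/24"),
    "zone2": ipaddress.ip_network("10.2.0.0/24"),
}
KEY_TO_NETWORK = {1001: "vpc1-web-tier", 1002: "vpc1-db-tier"}


def parse_gre(pkt: bytes) -> dict:
    """Parse an IPv4 packet carrying GRE (RFC 2784 / RFC 2890)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 4:
        raise ValueError("truncated header")
    if pkt[9] != GRE:
        raise ValueError("not GRE")
    flags, proto = struct.unpack_from("!HH", pkt, ihl)
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    off = ihl + 4
    if flags & 0x8000:          # C bit: checksum + reserved field follow
        off += 4
    key = None
    if flags & 0x2000:          # K bit: 32-bit key follows
        if len(pkt) < off + 4:
            raise ValueError("truncated GRE key")
        (key,) = struct.unpack_from("!I", pkt, off)
    return {
        "src": ipaddress.ip_address(pkt[12:16]),
        "dst": ipaddress.ip_address(pkt[16:20]),
        "proto": proto,
        "key": key,
    }


def zone_of(addr):
    """Return the zone whose endpoint subnet contains addr, else None."""
    for zone, net in ZONE_ENDPOINTS.items():
        if addr in net:
            return zone
    return None


def classify(pkt: bytes) -> str:
    """Decide whether a GRE packet belongs to a known overlay network."""
    try:
        g = parse_gre(pkt)
    except ValueError as exc:
        return f"drop: {exc}"
    src_zone, dst_zone = zone_of(g["src"]), zone_of(g["dst"])
    if src_zone is None or dst_zone is None:
        return "drop: endpoint outside known zones"
    if g["proto"] != TEB:
        return "drop: payload is not a bridged Ethernet frame"
    if g["key"] is None:
        return "drop: no GRE key"
    net = KEY_TO_NETWORK.get(g["key"])
    if net is None:
        return "drop: unknown GRE key"
    scope = "cross-zone" if src_zone != dst_zone else "intra-zone"
    return f"allow: {net} {scope} {src_zone}->{dst_zone}"


def build_packet(src: str, dst: str, key=None) -> bytes:
    """Construct a sample IPv4+GRE packet (IP checksum left at 0)."""
    gre = struct.pack("!HH", 0x2000 if key is not None else 0, TEB)
    if key is not None:
        gre += struct.pack("!I", key)
    payload = gre + b"\x00" * 14            # empty Ethernet header as payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     GRE, 0, ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + payload
```
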



RE: [PROPOSAL] region level VPC and guest network spanning multiple zones

Posted by Sanjeev Neelarapu <sa...@citrix.com>.
Hi ,

Following are the review comments on the FS posted @ https://cwiki.apache.org/confluence/display/CLOUDSTACK/Region+level+VPC+and+guest+network+spanning+multiple+zones:

How many guest networks we can scale using SDN?
Do we support mixed networks in a zone (VLAN+Tunnel)?
Any limitation on the number of zones an SDN network can span?
What are the services supported by SDN networks?
What are the services supported by region level VPC?
With SDN networks do we support any external devices?
Do we support SGs with SDN?
Do we support monitoring for SDN controller and the GRE tunnels between the hosts across zones?
What are the alerts and events generated by the controller?
With SDNs do we support zones with mixed hypervisors?(e.g: zone1 with xen and zone2 with ESX)
If vpc is tied to a zone can we have the tiers spanned across multiple zones?
If vpc is region level do we have control on the zone in which VR has to be deployed?
Networks spanning across multiple zones is applicable only to vpc networks(tiers) or any guest network which is not part of vpc as well?
Do we support SDNs in an upgraded environment?
Can we upgrade vlan based networks to SDN and vice-versa?
Upgrading zone level vpc to region level vpc and vice-versa?
What are the external dependencies for the SDN to work (ports need to be opened on the zone level firewalls)?


Thanks,
Sanjeev

-----Original Message-----
From: Murali Reddy [mailto:Murali.Reddy@citrix.com] 
Sent: Wednesday, January 22, 2014 3:51 AM
To: dev@cloudstack.apache.org
Subject: Re: [PROPOSAL] region level VPC and guest network spanning multiple zones


Please find the FS for this proposal at below link. I will be sending out a different proposal covering the enhancements called out in the FS.

https://cwiki.apache.org/confluence/display/CLOUDSTACK/Region+level+VPC+and+guest+network+spanning+multiple+zones




Re: [PROPOSAL] region level VPC and guest network spanning multiple zones

Posted by Murali Reddy <Mu...@citrix.com>.
Please find the FS for this proposal at below link. I will be sending out
a different proposal covering the enhancements called out in the FS.

https://cwiki.apache.org/confluence/display/CLOUDSTACK/Region+level+VPC+and+guest+network+spanning+multiple+zones
