[pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?

Alexandre DERUMIER aderumier at odiso.com
Mon Jan 29 11:46:36 CET 2018


Hi,

>>I would avoid the floating-ip/nat 1:1 stuff as the plague. 

>>We also did some research on the same thing you're trying to do I think. 
>>Since you are also working with cumulus (IIRC you referred to it). 

>>We didn't implement it, but if you are interested, we could sync 
>>and see if we can help each other. It looks like a pretty good way to go 
>>forward. 

Yes, we can avoid it.
The trick is, if we manage public IPs in a vxlan in the VM, we need to connect it
to the real world / router network.

It's not difficult if we can do BGP to the router, but I think Dietmar wants something
for users with a simple router/default gw (so with some proxy-arp trick).

NAT 1:1/floating IP is just doing the trick because it's doing the translation between the "virtual" vxlan
and the physical "public" network.


>>*for public ipv4 ip space:* 
>>
>>Use bgp on the pve hosts and use redistribute neighbor. 
>>https://docs.cumulusnetworks.com/display/DOCS/Redistribute+Neighbor 
>>https://cumulusnetworks.com/blog/introducing-rdnbr/ 


>>*for private networks:* 

>>the bgp evpn stuff seems the most easy to do and from what I understand 
>>what you are working on as well. 
>>https://vincent.bernat.im/en/blog/2017-vxlan-bgp-evpn 
>>
>>I would expect that to just work. 


Yes, bgp-evpn works out of the box :) I sent to this mailing list, at the beginning of this thread,
a sample quagga/frr config, around 10 lines of configuration,
with anycast gateway on all proxmox nodes.
It's really easy to deploy a "private / only proxmox network" vxlan. All nodes peer together and exchange route/mac location.

As I said, the tricky part is to connect a proxmox vxlan to the outside world (but if your router can do BGP, you simply need to peer with it,
and the vxlan network will be announced to the physical network).


>>From the mail discussion there 
>>still seems to be some issue. What is the core issue? It's unclear to me 
>>from the discussion. 

No special issue ;) I think there are a lot of possible network designs (maybe some users want nat1:1, other users want public IPs on the VM directly, ...).
I think we need to focus on a model first, and try to extend later.


ebgp-vpn is really sexy, it's really possible to have a distributed control plane with no central spof/gateway.


I'll try to make a PoC with external routers + proxmox cluster, full BGP, and send the full config to the mailing list.




----- Original Mail -----
From: "Herman Bos" <hbos at osso.nl>
To: "pve-devel" <pve-devel at pve.proxmox.com>
Sent: Monday 29 January 2018 11:12:23
Subject: Re: [pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ?

On 26 January 2018 at 12:12, Alexandre DERUMIER <aderumier at odiso.com> wrote: 

> I have talked with my network engineer, 
> 
> he only sees 2 possibilities: 
> 
> 
> 1 use floating-ip/nat 1:1 on compute node and translate to vm private 
> address 
> (so external router see mac-address of compute node for the floating ip) 
> 
> or 
> 
> if vm have public ip directly, a vxlan need to be done between the compute 
> node and the external router(so the router see the vm mac address directly). 
> This can be done with a physical router (if it supports vxlan), or another 
> proxmox "network" node gateway (with a default gateway to external router) 
> 
> 
> 
Hi Alexandre, 

I would avoid the floating-ip/nat 1:1 stuff as the plague. 

We also did some research on the same thing you're trying to do I think. 
Since you are also working with cumulus (IIRC you referred to it). 

We didn't implement it, but if you are interested, we could sync 
and see if we can help each other. It looks like a pretty good way to go 
forward. 



*for public ipv4 ip space:* 

Use bgp on the pve hosts and use redistribute neighbor. 
https://docs.cumulusnetworks.com/display/DOCS/Redistribute+Neighbor 
https://cumulusnetworks.com/blog/introducing-rdnbr/ 


*for private networks:* 

the bgp evpn stuff seems the most easy to do and from what I understand 
what you are working on as well. 
https://vincent.bernat.im/en/blog/2017-vxlan-bgp-evpn 

I would expect that to just work. From the mail discussion there 
still seems to be some issue. What is the core issue? It's unclear to me 
from the discussion. 

kind regards, 

Herman 