Despite the long list of products and open-source SDN (Software Defined Networks) solutions to choose from these days, the number you can finally use is limited for stability and scalability reasons. It gets worse if you try to bring network resources to applications that require direct support from their vendors; the limitations include components like hypervisors. Although you can run any of these apps over these technologies without problems, the apps' vendors don't provide support. Usually the limitation is part of a vendor lock-in strategy; it sounds uncool, but it's a real –
You can say whatever you want about SDN concepts. Somebody told me the most basic one: the network control layer is fully based on software, leaving the data layer physically supported. Others told me that SDN brings automation that helps you avoid touching or updating any physical device when the network's configuration changes. However, when you need to apply SDN to your cloud, the meaning is reduced to getting virtual resources that fully meet all your network configuration needs: virtual switches, virtual routers, port filtering, NAT, IP tunneling, etc.
A virtual switch is the most basic concept for using SDN in your cloud
OpenVSwitch is, as you can figure out from the name, a virtual switch based on open standards (there is also an open-source version). OpenVSwitch (OVS) helps to define independent network resources inside every tenant in your cloud and handles the same standards as any physical switch (e.g. VLANs). You can also duplicate MACs and private IP subnets among different tenants without any issue at all.
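A toy model of why duplicate MACs across tenants do not collide, added here as an illustration and not taken from OVS or Neutron code. It assumes each tenant maps to one VLAN and that the forwarding table is keyed by (VLAN, MAC); the class, port names and MAC addresses are constructed for the example.

```python
"""Toy model of per-tenant (VLAN-scoped) MAC learning; not OVS code."""
from collections import defaultdict


class TenantAwareSwitch:
    def __init__(self):
        self.port_vlan = {}                 # access port -> tenant VLAN (assumed 1:1)
        self.fdb = {}                       # (vlan, mac) -> port
        self.delivered = defaultdict(list)  # port -> payloads received

    def add_port(self, port, vlan):
        self.port_vlan[port] = vlan

    def receive(self, in_port, src_mac, dst_mac, payload):
        """Process a frame arriving on in_port; return the output ports."""
        vlan = self.port_vlan[in_port]
        # Learn the source address in the ingress VLAN only.
        self.fdb[(vlan, src_mac)] = in_port
        out = self.fdb.get((vlan, dst_mac))
        if out is not None:
            ports = [] if out == in_port else [out]
        else:
            # Unknown or broadcast destination: flood inside the tenant VLAN only.
            ports = [p for p, v in self.port_vlan.items()
                     if v == vlan and p != in_port]
        for p in ports:
            self.delivered[p].append(payload)
        return ports


def demo():
    # Constructed sample: tenants A (VLAN 101) and B (VLAN 102) reuse one MAC.
    sw = TenantAwareSwitch()
    for port, vlan in [("a-vm1", 101), ("a-gw", 101),
                       ("b-vm1", 102), ("b-gw", 102)]:
        sw.add_port(port, vlan)
    gw_mac = "fa:16:3e:00:00:01"            # same address in both tenants
    sw.receive("a-gw", gw_mac, "ff:ff:ff:ff:ff:ff", "A gw hello")
    sw.receive("b-gw", gw_mac, "ff:ff:ff:ff:ff:ff", "B gw hello")
    to_a = sw.receive("a-vm1", "fa:16:3e:00:00:0a", gw_mac, "A data")
    to_b = sw.receive("b-vm1", "fa:16:3e:00:00:0b", gw_mac, "B data")
    return sw, to_a, to_b


if __name__ == "__main__":
    switch, to_a, to_b = demo()
    print(to_a, to_b, dict(switch.delivered))
```

If the table were keyed by MAC alone, the second gateway's hello would overwrite the first entry and tenant A's traffic would be forwarded to tenant B's port.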
We were testing OpenVSwitch for a while, directly connected to the OpenStack Neutron APIs, as part of a beautiful portfolio of network services that includes VPN and Load Balancers as a Service. However, we have found that the open-source version of OVS is difficult to scale. We've found a cool way to manage it but, of course, I won't fully disclose yet the secret ingredient that helps us get what we have today; news coming later with more info 😉
I don't need to justify why to use Neutron instead of the classic Nova-Network solution in the OpenStack ecosystem… Just do it! You will get L3 devices (virtual routers) that can be configured by any user, and advanced features on every OpenVSwitch like IP tunneling. Neutron also helps you avoid bridging your network configuration to the physical VLAN or the node's network interface through OVS. If you are hungry for more info, you can read an interesting post from Radoslaw Tomaszewski.
OVS uses OVS-Agents on every Compute Server to bring these virtual network capabilities to every user tenant and to get setup information from the OVS-Plugin installed on the Neutron Server. Also, the OVS-Plugin communicates the user-defined security and routing rules to the Neutron Server (i.e. iptables) at every virtual router configured in the tenants.
If you want more, and something out-of-the-box to support your SDN solution with VMware and/or OpenStack, there is a high chance you will need to dig into your pocket. One of the most exciting solutions comes from Nicira, now a VMware company. Nicira is the most important contributor to the OpenVSwitch project and has developed enhanced capabilities in NSX compared with the normal OVS features. In summary, these capabilities help you manage, control and scale out all the OVS operations (user-defined security and routing rules, flow and network tenants' settings, tunnels, etc.) in a consolidated and simple way through an external NSX Controller Cluster. This NSX controller works fully integrated with OpenStack Neutron, replacing the OVS-Plugin and components like iptables.
Well, see you next!