Page MenuHomePhabricator
Create Task
Maniphest T373869

Cloud VPS: design target vxlan setup
Closed, ResolvedPublic
Actions

Description

This ticket is to track the design of the target vxlan-based network setup for Cloud VPS.

Related Objects
Search...

Event Timeline

aborrero created this task.Sep 3 2024, 12:33 PM
Restricted Application removed a subscriber: taavi. · View Herald TranscriptSep 3 2024, 12:33 PM
aborrero changed the task status from Open to In Progress.Sep 3 2024, 12:34 PM
aborrero triaged this task as Medium priority.
aborrero moved this task from Backlog to Doing on the User-aborrero board.
aborrero added a comment.Sep 3 2024, 12:52 PM

This is a preliminary plan / idea.

The target setup is as follows:

  • we have no vlan-based network in the system.
  • we have a single, flat vxlan-based network which can be used in a similar fashion as the vlan-based one we have today (legacy). We call this network cloud-flat, for example.
  • the network has a different addressing than the legacy one.
  • tenant VMs be directly connected to this cloud-flat network.
  • the main neutron router as a port in this cloud-flat network.
  • this network can also serve as a "trunk" network for future tenant networks. This is, a tenant router will connect to this subnet for it to have external connectivity.
  • the CIDR can be 172.16.8.0/22 (1k addresses) or 172.16.8.0/21 (2k addresses)

In order to reach this target, we will have an intermediary setup, in which both the legacy vlan-based subnet and the new cloud-flat one will co-exists.

  • VMs connected to any of the two subnets will have full connectivity network-wise (but firewalling may happen as usual, via neutron security groups)
  • at some point, we will disable creation of new VMs connected to the old network

A diagram to illustrate the different stages:

image.png (683×1 px, 101 KB)

aborrero added a subscriber: Andrew.Sep 3 2024, 4:19 PM

How do we allow users to create VMs on a different subnet? The horizon 'new vm' panel doesn't show the option. Having a default one is also fine, maybe.

Any idea @Andrew ?

aborrero closed this task as Resolved.Sep 4 2024, 3:09 PM
aborrero added subscribers: fnegri, dcaro.

in a meeting, I shared this design today with @cmooney @dcaro and @fnegri with no major objections and a few comments:

  • We need to double check that the VXLAN tunnels are actually circulating using cloud-private.
  • We need to double check the MTU settings on the affected interfaces and subnets.
  • We will need to revisit the tenant network bits when we get there. Having the single flat subnet in between the routers may not be what we want after all. But this doesn't invalidate the rest of the plan.
aborrero mentioned this in T248881: CloudVPS: research VXLAN implementation for neutron.Sep 4 2024, 3:10 PM
aborrero mentioned this in T374020: openstack: instrument VXLAN-based flat network.Sep 4 2024, 3:13 PM

follow up in T374020: openstack: instrument VXLAN-based flat network

aborrero added a comment.Sep 5 2024, 12:54 PM

To keep with the pattern in netbox, we will attach the deployment suffix to the network name:

  • cloud-flat-eqiad1
  • cloud-flat-codfw1dev
fnegri moved this task from Backlog to Done on the cloud-services-team (FY2024/2025-Q1-Q2) board.Sep 24 2024, 1:51 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits