...

https://issues.apache.org/jira/browse/CLOUDSTACK-9163

Branch

4.8

 

Introduction

In CloudStack, traffic between VPCs is routed via their public interfaces by core routers. The OSPF protocol running on VPC routers, in conjunction with the core routers, will take care of routing between different VPCs as well as the public network in the most efficient manner. A VPC's traffic will be routed directly via its router without going through the core routers.

Use Case

In large organisations where end-to-end access is a requirement, the current VPC model brings more complexity to management and hands-on configuration, besides the overhead involved in processing NAT address translations. In this kind of enterprise environment, the VR needs to route networks using both public and private IPs. Using this approach, NATing is unnecessary because the networks will be routed and dynamically announced using the OSPF protocol. When a new network is added, the OSPF protocol advertises it to the core router. Neighbouring VPC routers will then get this advertisement from the core routers. This way a dynamically routed VPC router will be aware of such routers in its neighbourhood and will be able to route traffic directly to them.

The VPCs thus form an autonomous system with core routers sitting at the boundary of this autonomous system.

 


 

 

About Quagga

Quagga implements OSPF (v2, v3) and has been found suitable to run on the Debian-based VPC virtual router to provide dynamic routing. Quagga is an advanced software routing package that provides a suite of TCP/IP-based routing protocols, with implementations of OSPFv2, OSPFv3, RIP v1 and v2, RIPng and BGP-4 for Unix-like platforms, particularly FreeBSD, Linux, Solaris and NetBSD.

Currently, inter-VPC traffic has to go through the public gateway. This means the traffic has to be NATed across the public internet via core routers, which is inefficient in itself. A more efficient approach is to route the traffic within CloudStack, and better still if no NATing is involved.

OSPF provides a way to connect two VPCs using the optimal route between them without needing NAT. OSPF achieves this by maintaining and advertising the most efficient routes between the various OSPF-enabled routers. When a new VPC is added, its OSPF-enabled router advertises its routes to the other routers, so that each of them learns to route traffic properly between them.

This design document looks into how OSPF can be implemented in CloudStack to make inter-VPC communication more manageable and efficient.

 

Implementation

In this implementation the focus will be on IPv4, though Quagga supports both IPv4 and IPv6 and will not be a constraint when IPv6 support is added in the future. The firewall, port forwarding, Network ACLs, DNS, DHCP and Password Reset services running on the router will continue to work as they do now on VPC routers.

When OSPF is selected for a zone, CloudStack will prompt for additional information in order to configure an inter-VPC transit network on the existing public network for this zone. For simplicity we will use the existing zone-wide public network as the VPC-transit network. A VPC VR sits at the boundary of the VPC tiered network in Area X. This router will advertise its routing table to the other Area X routers, including the designated router. These routes are then picked up by other boundary routers. When one of a VPC's VMs wants to communicate with another VPC's VM, the router now knows how to direct the traffic via the VPC-transit network (which is also the CloudStack public network).

All the VPC VRs will be connected to the transit network, forming OSPF Area X. CloudStack will auto-generate the priorities of these routers, which will help them elect a designated router.

OSPF will thus take care of routing the traffic originating from the various tiers to another VPC's tiers. So that none of the existing functionality is affected, all the other existing static routes will still be set on the Quagga-based router. (An example of static routes is attached at the end of this doc.)

Limitation: In this first implementation, (1) only one OSPF area per zone will be supported, and (2) the implementation will be for IPv4 only.
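
A sketch of the per-router Quagga configuration this section implies, as an added example (not CloudStack's own code): it renders an `ospfd.conf` for one VPC VR that joins the transit network in a single area with a generated priority and advertises its tier networks. The interface names (`eth1` for transit, `eth2` onwards for tiers), the function and parameter names, and the two hardening choices (passive tier interfaces, MD5 authentication on the transit interface) are assumptions added here, not stated on this page.

```python
import ipaddress

def render_ospfd_conf(router_id, transit_cidr, area, tier_cidrs, priority,
                      transit_if="eth1", md5_key=None):
    """Render a Quagga ospfd.conf for one VPC virtual router (illustrative)."""
    if not 0 <= priority <= 255:
        raise ValueError("OSPF priority must be 0-255")
    ipaddress.IPv4Address(router_id)          # IPv4 only, per the stated limitation
    transit = ipaddress.IPv4Network(transit_cidr)
    tiers = [ipaddress.IPv4Network(c) for c in tier_cidrs]
    for i, t in enumerate(tiers):
        if t.overlaps(transit) or any(t.overlaps(o) for o in tiers[:i]):
            raise ValueError(f"tier {t} overlaps another advertised network")

    # Priority on the transit interface drives designated-router election.
    lines = [f"interface {transit_if}", f" ip ospf priority {priority}"]
    if md5_key:
        # Only neighbours holding the same key can form adjacencies on transit.
        lines += [" ip ospf authentication message-digest",
                  f" ip ospf message-digest-key 1 md5 {md5_key}"]
    lines += ["!", "router ospf", f" ospf router-id {router_id}"]
    # Tier interfaces (assumed eth2, eth3, ...) are advertised but passive:
    # no OSPF hellos are sent to or accepted from guest VMs on a tier.
    for n in range(len(tiers)):
        lines.append(f" passive-interface eth{n + 2}")
    lines.append(f" network {transit} area {area}")
    lines += [f" network {t} area {area}" for t in tiers]
    lines.append("!")
    return "\n".join(lines) + "\n"

# Constructed sample values, not taken from the design document.
SAMPLE = render_ospfd_conf(
    router_id="192.0.2.11", transit_cidr="192.0.2.0/24", area="0.0.0.1",
    tier_cidrs=["10.1.1.0/24", "10.1.2.0/24"], priority=10,
    md5_key="example-key")

if __name__ == "__main__":
    print(SAMPLE)
```
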


OSPF Transit Network

The public network (VPC-transit network) will be used as the transit network for OSPF for all the dynamically routed VPCs in the zone. If dynamic routing is enabled for the zone, additional information will be collected. This information will be stored in the network_details table for the given public network.

...