Join me for an architectural, developer-oriented overview of GRE and VXLAN tunnels in OpenStack Networking.
In a virtualized environment, virtual machines are hosted on hypervisors. These VMs obtain network connectivity via software switches that run on the same hypervisors. Data centers that provide infrastructure as a service have (hopefully) multiple customers (or 'tenants'). As you can imagine, we don't want tenants' VMs interacting with one another.
VLANs are a natural approach to achieve tenant segregation. However, how do we maintain scalability with a growing number of hypervisors and VMs, when the administrator has to constantly configure the hardware switches manually? Is there another way?
We all use VPNs to connect to our office resources remotely, or to connect two office sites into one seamless network. VPNs are essentially encrypted tunnels, but what are tunnels?
Tunnels allow us to wrap packets inside more packets. In our context, VM traffic is wrapped in exterior IP packets. That way, to the intermediate networking hardware, it looks like traffic between the hypervisors. Since the hypervisors should already be able to talk to each other, this makes VM connectivity a breeze!
Let's explore how tunnels are used in the cloud as a means to achieve an overlay network. What is an overlay network? How does traffic flow between virtual machines on the same hypervisor, and on different hypervisors? What are the similarities between a layer 2 learning switch and tunnel logic in OpenStack? How does Open vSwitch fit in? Is there a cost to using tunnels?
This talk will be useful to developers interested in learning about new networking concepts. Minimal background knowledge will be assumed.
Speakers: Assaf Muller