DevBlog #3 - Extending the SDN Controller

The SDN Controller

The SDN Controller is an XO plugin allowing the creation of private networks connecting all the hosts and VMs of a pool.
It is described in its dedicated DevBlog. To give a quick recap: the private network is based on a star topology connecting the hosts with tunnels (either GRE or VxLAN according to the user choice). The SDN Controller also monitors the hosts and VMs to maintain the network.

The new feature

With this coming update, the SDN Controller will allow the creation of cross-pool private networks: this type of private network won't only be pool wide but will connect all the hosts of different pools together in an isolated network.

The topology

When designing this new feature, 2 topologies came to mind:

  • keep it star centered: A single host is elected as star center and has a tunnel to each host of the network's pools
    pool-1-small

  • add a level of abstraction, make a star of stars: Create a private network per pool, connect the star-center of the private networks together in a high-level star topology
    pool-connection-small-1

In order not to have too much workload put on a single host, and to build upon the existing design (and because it is a beautiful image), the choice has been towards the star of stars. Also with this design, only the star-centers of the private networks are aware they are in a meta cross-pool private network. All the other hosts behave like they're in a pool-wide private network.

The meta network is a star where each branch is another star of hosts. The star-center of each branch is connected to the star center of the network at the center of the higher level star:

Here's 3 pools, each with a private network, connected together in a cross-pool pivate network, the pool center is P2.

ovsdb-gretunnel-small

How it works

Essentially, this is a lot like a pool-wide private network, the SDN Controller monitors all the hosts and PIFs.

Here are 2 notable events that require changes in the cross-pool private network:

  • When a star-center goes down, the private network is recreated and a new star-center is elected, then the new star-center is connected to the star-center of the pool-center of the pool-wide private network.
  • When the star-center of the pool-center of the pool-wide private network goes down, a new pool-center is elected, all the star-centers are connected to the pool-center's star-center.

Features

  • All the hosts (and their VMs) can reach one another in the private network (even when in different pools!).
  • Anything outside the private network can't reach it.
  • The network is robust, even to hosts and VMs rebooting, shutting down, being added or removed from the pool, VMs migrating in other pools in the network, etc.

What's next

Next step is adding encryption. And guess what: our initial tests are promising! We'll probably have encrypted IPSEC tunnels relatively soon, allowing all your traffic to flow even on insure networks.