The SDN Controller
The SDN Controller is an XO plugin allowing the creation of private networks connecting all the
VMs of a
It is described in its dedicated DevBlog. To give a quick recap: the private network is based on a star topology connecting the
VxLAN according to the user choice). The SDN Controller also monitors the
VMs to maintain the network.
The new feature
With this coming update, the SDN Controller will allow the creation of cross-pool private networks. This type of private network is not just pool-wide; it connects all the hosts of different pools together in an isolated network.
When designing this new feature, 2 topologies came to mind:
To avoid putting too much workload on a single host, and to build upon the existing design (and because it is a beautiful image), we chose the star of stars. With this design, only the star-centers of the private networks are aware that they are in a meta cross-pool private network. All the other hosts behave as if they were in a pool-wide private network.
The meta network is a star where each branch is another star of hosts. The star-center of each branch is connected to the star-center of the network at the center of the higher-level star:
Here are 3 pools, each with a private network, connected together in a cross-pool private network, the pool-center is
How it works
Essentially, this is a lot like a pool-wide private network: the SDN Controller monitors all the
Here are 2 notable events that require changes in the cross-pool private network:
- When a star-center goes down, the private network is recreated and a new star-center is elected, then the new star-center is connected to the star-center of the pool-center of the pool-wide private network.
- When the star-center of the pool-center of the pool-wide private network goes down, a new pool-center is elected and all the star-centers are connected to the pool-center's star-center.
- All the
VMs) can reach one another in the private network (even when in different pools!).
- Anything outside the private network can't reach it.
- The network is robust, even to
VMs rebooting, shutting down, being added or removed from the pool,
VMs migrating in other pools in the network, etc.
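
The two failover events and the reachability property above, as an added JavaScript sketch (not the SDN Controller plugin's own code). The class and method names, the host names used with it, and the "first live candidate wins" election policy are assumptions, since the post does not say how elections are decided.

```javascript
// Added illustration of the star-of-stars layout; not the SDN Controller's code.
// Assumption: every election picks the first live candidate (the post does not say how).
class CrossPoolNetwork {
  constructor(pools) { // pools: { poolName: [hostName, ...] }
    this.pools = Object.entries(pools).map(([name, hosts]) => (
      { name, hosts, up: new Set(hosts), center: hosts[0] }));
    this.poolCenter = this.pools[0];
  }

  // One tunnel from each live host to its star-center, plus one from each
  // star-center to the star-center of the pool-center.
  tunnels() {
    const links = [];
    for (const p of this.pools) {
      if (!p.center) continue; // pool has no live host left
      for (const h of p.up) if (h !== p.center) links.push([h, p.center]);
      if (p !== this.poolCenter) links.push([p.center, this.poolCenter.center]);
    }
    return links;
  }

  hostDown(host) {
    const pool = this.pools.find((p) => p.hosts.includes(host));
    pool.up.delete(host);
    if (pool.center !== host) return; // a leaf: only its own tunnel goes away
    // Event 1: a star-center went down, elect a new one for that pool.
    pool.center = pool.hosts.find((h) => pool.up.has(h)) ?? null;
    // Event 2: it was the pool-center's star-center, so elect a pool-center;
    // tunnels() then attaches every star-center to the new one.
    if (pool === this.poolCenter) {
      this.poolCenter = this.pools.find((p) => p.center) ?? pool;
    }
  }

  // Hosts reachable from `start` over the current tunnels (breadth-first walk).
  reachableFrom(start) {
    const seen = new Set([start]);
    const queue = [start];
    while (queue.length) {
      const node = queue.shift();
      for (const [a, b] of this.tunnels()) {
        const next = a === node ? b : b === node ? a : null;
        if (next && !seen.has(next)) { seen.add(next); queue.push(next); }
      }
    }
    return seen;
  }
}
```

Comparing `reachableFrom()` against the set of live hosts after each `hostDown()` call checks that a failover neither strands a host nor leaves a tunnel pointing at a dead center.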
The next step is adding encryption. And guess what: our initial tests are promising! We'll probably have encrypted IPsec tunnels relatively soon, allowing all your traffic to flow even on insecure networks.