> I think it doesn't break the current model, as the firewall is done on the > fwbr between the vmbr and the tap interface.
>>not a problem then (if it works). >>>I'll test today. Just tested, it's working fine. ----- Mail original ----- De: "aderumier" <aderum...@odiso.com> À: "dietmar" <diet...@proxmox.com> Cc: "pve-devel" <pve-devel@pve.proxmox.com> Envoyé: Mercredi 24 Janvier 2018 09:56:56 Objet: Re: [pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ? >>I just think there are many ways to provide that interconnect layer, >>basically >>any VPN or SDN solution? yes, generaly SDN solution have their own gateway system, to interconnect virtual and physical world. openvswitch ovn : http://docs.openvswitch.org/en/latest/topics/high-availability/ opencontrail: http://www.opencontrail.org/category/Gateway/ vmware nsx edge: https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-3F96DECE-33FB-43EE-88D7-124A730830A4.html In this case, you need an sdn controller somewhere, and manage it with api. If we want to use linux stack,we need to implement this by ourself with vxlan/iptables nat/dhcp (and proxmox cluster is the sdn "controller" ) (With plugins, I think it can be done, as it's almost the same for all kinds of sdn : manage gateway, manage nat, s-nat, dhcp,....) Personnaly, I'm more to focus on linux stack first to have something working without external controller. > I think it doesn't break the current model, as the firewall is done on the > fwbr between the vmbr and the tap interface. >>not a problem then (if it works). I'll test today. ----- Mail original ----- De: "dietmar" <diet...@proxmox.com> À: "aderumier" <aderum...@odiso.com> Cc: "pve-devel" <pve-devel@pve.proxmox.com> Envoyé: Mercredi 24 Janvier 2018 09:21:54 Objet: Re: [pve-devel] proxmox 2018 : add support for "virtual" network and network plugins ? > >>Besides, I would start with something simpler than that. Maybe a virtual > >>network with NAT... > > If you want something simpler (so without vxlan-evpnbgp, or anycast gateway), > the only way is to manage central "network node" which handle > nat,s-nat,dhcp,.., > like classic openstack model. (and need to manage failover) > I just think there are many ways to provide that interconnect layer, basically any VPN or SDN solution? > >>We need to make sure that we can provide firewall service for those > >>'virtual' networks. > > I think it doesn't break the current model, as the firewall is done on the > fwbr between the vmbr and the tap interface. not a problem then (if it works). _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
