Hi Clint, the original Romana announcement message was also posted on openstack-dev on Monday.
You bring up a good point w/Ironic. Will need to think about that a bit more.

Thanks
CM

On Wed, Feb 3, 2016 at 12:16 PM, Clint Byrum <[email protected]> wrote:

> Excerpts from Chris Marino's message of 2016-02-01 06:08:34 -0800:
> > Hello everyone, just wanted to let you know that today we opened up the
> > repos for the new open source networking project we’ve been working on.
> > It’s called Romana and the project site is romana.io.
> >
> > Thought you would be interested because it enables multi-tenant networking
> > without a virtual network overlay. It's targeted for use with applications
> > that only need L3 networks so we’ve been able to eliminate and simplify
> > many things to make the network faster, and easier to build and operate.
> >
> > If you run these kinds of Cloud Native apps on OpenStack (or even directly
> > on bare metal with Docker or Kubernetes), we’d love to hear what you think.
> > We’re still working on the container CNM/CNI integration. Any and all
> > feedback is welcome.
> >
> > The code is on Github at github.com/romana and you can see how it all works
> > with a demo we’ve set up that lets you install and run OpenStack on EC2
> > <http://romana.io/try_romana/openstack/>.
> >
> > You can read about how Romana works on the project site, here
> > <http://romana.io/how/romana_basics/>. In summary, it extends the physical
> > network hierarchy of a layer 3 routed access design
> > <http://romana.io/how/background/#routed-access-datacenter> from spine and
> > leaf switches on to hosts, VMs and containers.
> >
> > This enables a very simple and intuitive tenancy model: For every tenant
> > (and each of their network segments) there is an actual physical network
> > CIDR on each host, with all tenants sharing the host-specific address
> > prefix. The advantage of this is that route aggregation makes route
> > distribution unnecessary and collapses the number of iptables rules
> > required for segment isolation. In addition, traffic policies, such as
> > security rules, can easily be applied to those tenant or segment specific
> > CIDRs across all hosts.
> >
> > Any/all comments welcome.
>
> Really interesting, thanks Chris. For baremetal, which is a very real
> thing for users of OpenStack right now, this presents some challenges.
>
> The agents that sit on compute nodes in Romana are not going to be able
> to enforce any isolation themselves, since baremetal nodes will end
> up on the same L2. The agents would either have to get back into the
> business Neutron ML2 is in, of configuring switches through a mechanism
> driver, or servers would have to self-isolate, which may not be obvious
> or acceptable for some. I wonder if you've thought through any other
> solution to that particular problem.
>
> I also think you should share this on openstack-dev, as the developers
> may also be aware of other efforts that may conflict with or complement
> Romana.
>
> _______________________________________________
> OpenStack-operators mailing list
> [email protected]
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
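The tenancy model from the original announcement quoted above, as an added sketch that is not part of the thread and is not Romana's code. The bit layout (8 host, 4 tenant, 4 segment and 8 endpoint bits inside 10.0.0.0/8) and all function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed layout (illustrative, not Romana's documented one), inside 10.0.0.0/8:
#   8 bits host | 4 bits tenant | 4 bits segment | 8 bits endpoint
BASE = int(ipaddress.ip_address("10.0.0.0"))
HOST_BITS, TENANT_BITS, SEGMENT_BITS, ENDPOINT_BITS = 8, 4, 4, 8
HOST_SHIFT = TENANT_BITS + SEGMENT_BITS + ENDPOINT_BITS  # 16
# Mask that selects only the tenant and segment bits; host bits are ignored.
SEGMENT_MASK = ((1 << (TENANT_BITS + SEGMENT_BITS)) - 1) << ENDPOINT_BITS


def host_route(host):
    """The single aggregate route covering every tenant and segment on a host."""
    if not 0 <= host < (1 << HOST_BITS):
        raise ValueError("host id out of range")
    return ipaddress.ip_network((BASE | host << HOST_SHIFT, 32 - HOST_SHIFT))


def segment_cidr(host, tenant, segment):
    """The CIDR that one tenant segment owns on one host."""
    if not 0 <= tenant < (1 << TENANT_BITS):
        raise ValueError("tenant id out of range")
    if not 0 <= segment < (1 << SEGMENT_BITS):
        raise ValueError("segment id out of range")
    base = int(host_route(host).network_address)
    bits = (tenant << SEGMENT_BITS) | segment
    return ipaddress.ip_network((base | bits << ENDPOINT_BITS, 32 - ENDPOINT_BITS))


def same_segment(a, b):
    """Isolation decision from the two addresses alone: one masked comparison,
    the same on every host, so the rule count does not grow with host count."""
    diff = int(ipaddress.ip_address(a)) ^ int(ipaddress.ip_address(b))
    return (diff & SEGMENT_MASK) == 0


if __name__ == "__main__":
    # Constructed sample: tenant 2, segment 1 on hosts 3 and 7.
    print(host_route(3), segment_cidr(3, 2, 1), segment_cidr(7, 2, 1))
    print(same_segment("10.3.33.5", "10.7.33.9"))   # same tenant and segment
    print(same_segment("10.3.33.5", "10.3.34.5"))   # same host, other segment
```

The comparison only isolates traffic that actually passes through an enforcing host, which is the gap Clint raises for baremetal nodes sharing an L2.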
