Re: [ovs-discuss] VPNaas support for OVN
Hi Benjamin, I am very interested in this topic as well. We do use Openstack VPNaaS and we would like to migrate to OVN. But as long as OVN does not provide VPNaaS compatibility or VPNaaS get's extended to support OVN we are stuck. All the best, Florian EveryWare AG Florian Engelmann Cloud Platform Architect Zurlindenstrasse 52a CH-8003 Zürich T +41 44 466 60 00 F +41 44 466 60 10 florian.engelm...@everyware.ch www.everyware.ch From: discuss on behalf of Benjamin Reichel Sent: Monday, July 6, 2020 3:26 PM To: ovs-discuss@openvswitch.org Subject: [ovs-discuss] VPNaas support for OVN Hi everyone, I may placed my question in the wrong mailing list: https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fmail.openvswitch.org%2fmailman%2flistinfo%2fovs%2ddev&umid=53f59695-c89f-4baf-92f3-6d4f53b05163&auth=fa814cae8e3b5ad76c4a1e4edb2cf50eb4885306-c57e6e8b3ec79ccaf4f6fd349a97694adae6a8fa . Let's try again. Does OVN support VPNaas? If not, is there any roadmap for it or some WIP? Thanks, Benjamin ___ discuss mailing list disc...@openvswitch.org https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fmail.openvswitch.org%2fmailman%2flistinfo%2fovs%2ddiscuss&umid=53f59695-c89f-4baf-92f3-6d4f53b05163&auth=fa814cae8e3b5ad76c4a1e4edb2cf50eb4885306-3a1f2e1a87171055dda42db85cc90fa4a1832d3c smime.p7s Description: S/MIME cryptographic signature ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] [OVN] VPN IPsec and Wireguard
Am 20.03.20 um 10:08 schrieb Numan Siddique: > On Fri, Mar 20, 2020 at 4:11 AM Engelmann Florian > wrote: >> yes but only to encrypt its tunnels not to build a IPsec site2site >> connection. We do use Neutron-VPNaaS and would like to migrate to OVN asap. >> But currently VPNaaS does not support OVN and while using namespaces is an >> option I would love to see "native" VPN (site2site ipsec and Wireguard) >> support in OVN. > By site2site you mean IPSec between 2 independent OVN deployments ? Or > one OVN deployment and other non OVN deployment ? We (and our customers) have to create IPsec site2site VPNs to all kind of devices of our customers (eg. Cisco ASA, M0n0wall, ...) > As I understand, neutron VPNaaS is an advanced service in openstack. > Doesn't neutron-vpnaas work with OVN ? There was some effort but it was never finished: https://bugs.launchpad.net/networking-ovn/+bug/1586253 This solution was based on Linux namespaces but natvie IPsec site2site VPN support in OVN would be much more solid. NSX-T also supports Neutron-VPNaaS: https://docs.vmware.com/de/VMware-NSX-T-Data-Center/2.5/nsxt-openstack-plugin-installation/GUID-A09013E2-74DD-46ED-A98F-8311BC30FAD4.html So I guess OVN could as well? > If not can we add support in neutron-vpnaas for OVN ? I'm really not > sure how we can add this support natively in OVN. > > If your requirement is to interconnect 2 OVN deployments, you can > probably explore the ovn interconnection feature > which was added recently. You can refer here [1] if you're interested. > > Thanks > Numan > > > [1] - > https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fwww.ovn.org%2fen%2fsupport%2fdist%2ddocs%2fovn%2darchitecture.7.html&umid=36e071a2-bd0c-4ef9-b46f-8e177d986a49&auth=da68674867a7b34a52174765f5bf466e2f7c8c98-04bdf5b54b589434dc522b0d889f2936285bb4aa > (and grep for OVN Deployments Interconnection) > - > https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fwww.ovn.org%2fen%2fsupport%2fdist%2ddocs%2fovn%2dic.8.html&umid=36e071a2-bd0c-4ef9-b46f-8e177d986a49&auth=da68674867a7b34a52174765f5bf466e2f7c8c98-618a0023de1bb5d57bcfcdd428b386bd14b38dcb > - > https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fdocs.ovn.org%2fen%2flatest%2ftutorials%2fovn%2dinterconnection.html&umid=36e071a2-bd0c-4ef9-b46f-8e177d986a49&auth=da68674867a7b34a52174765f5bf466e2f7c8c98-3c62decabd68bf5b751ddf5675b3667dff8c073e > > > >> Holen Sie sich Outlook für Android >> >> From: Ben Pfaff >> Sent: Thursday, March 19, 2020 9:15:03 PM >> To: Engelmann Florian >> Cc: ovs-discuss@openvswitch.org >> Subject: Re: [ovs-discuss] [OVN] VPN IPsec and Wireguard >> >> On Thu, Mar 19, 2020 at 08:34:10AM +, Engelmann Florian wrote: >>> are there any plans to support any VPN technology with OVN like IPsec >>> or Wireguard? >> OVN supports IPsec. >> ___ >> discuss mailing list >> disc...@openvswitch.org >> https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fmail.openvswitch.org%2fmailman%2flistinfo%2fovs%2ddiscuss&umid=36e071a2-bd0c-4ef9-b46f-8e177d986a49&auth=da68674867a7b34a52174765f5bf466e2f7c8c98-74259adec5f937388f4074a326850cfb0c6bcf8e -- EveryWare AG Florian Engelmann Cloud Platform Architect Zurlindenstrasse 52a CH-8003 Zürich T +41 44 466 60 00 F +41 44 466 60 10 florian.engelm...@everyware.ch www.everyware.ch smime.p7s Description: S/MIME cryptographic signature ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] [OVN] VPN IPsec and Wireguard
yes but only to encrypt its tunnels not to build a IPsec site2site connection. We do use Neutron-VPNaaS and would like to migrate to OVN asap. But currently VPNaaS does not support OVN and while using namespaces is an option I would love to see "native" VPN (site2site ipsec and Wireguard) support in OVN. Holen Sie sich Outlook für Android<https://aka.ms/ghei36> From: Ben Pfaff Sent: Thursday, March 19, 2020 9:15:03 PM To: Engelmann Florian Cc: ovs-discuss@openvswitch.org Subject: Re: [ovs-discuss] [OVN] VPN IPsec and Wireguard On Thu, Mar 19, 2020 at 08:34:10AM +, Engelmann Florian wrote: > are there any plans to support any VPN technology with OVN like IPsec > or Wireguard? OVN supports IPsec. smime.p7s Description: S/MIME cryptographic signature ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
[ovs-discuss] [OVN] VPN IPsec and Wireguard
Hi, are there any plans to support any VPN technology with OVN like IPsec or Wireguard? All the best, Florian EveryWare AG Florian Engelmann Cloud Platform Architect Zurlindenstrasse 52a CH-8003 Zürich T +41 44 466 60 00 F +41 44 466 60 10 florian.engelm...@everyware.ch www.everyware.ch smime.p7s Description: S/MIME cryptographic signature ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
[ovs-discuss] OVN solid underlay
Hi, we are currently using the neutron reference setup in our Openstack platform (python agents + OVS). Our "underlay" is a layer 3 CLOS (OSPF Cisco) with L2 VLANs from Leaf to Servers and subnets per rack (all IPv4). But we would like to migrate to OVN and add Ironic to our service portfolio. Are there any recommendations regarding OVN and a solid underlay that still supports Ironic? We have to exchange the switches anyway (EOL) so we are open for any new vendor. What about cumulus? All the best, Florian smime.p7s Description: S/MIME cryptographic signature ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
