Comment 12 for bug 1458890

Mike Dorman (mdorman-m) wrote : Re: Add segment support to Neutron

More or less. For us (Go Daddy), the L2 boundary is that host aggregate/rack level. We call them "pods", which are defined as all the compute hosts tied to a single top-of-rack access switch pair. L2 stops at the access layer and everything beyond that is L3 only.

Today we create a Neutron provider network for each pod, but users are unaware of this. We transparently schedule instances to a network based on what host they get scheduled to. Said another way, users do not have the opportunity to choose their network.

Ultimately, each of those per-pod/per-L2-domain Neutron networks is part of a security zone within our network (which really is an L3 VRF). It's _that_ level that we want to give users a choice of (what security zone their instance goes to). So we'd like some construct in Neutron to be able to describe that the L3 network (for us, security zone) is comprised of many underlying L2 network segments.

I think that at a basic level this is what most other large deployers are doing. @Neil/Calico project is a similar setup, as I understand it, except the L2 boundary/segment is per-host and it's all L3 up from there.