Cloud networking still relies too much on physical network constructs like networks, routers, and ports instead of logical abstractions. Kubernetes uses virtual IPs and DNS names for services which is better, but lacks features of OpenStack networking. We should define communication groups that can intercommunicate, and have networking support firewalls, load balancing, and VPNs between groups. This logical approach leaves physical details behind, makes adding features easier, and would be well supported in Dragonflow.

1. Cloud Networking - Leaving
the Physical Behind
Omer Anson
Software Physicist
Dragonflow PTL

2. Problem description (How we do it)
OpenStack networking is still physical
Still based on
Networks
Routers
Ports
Security groups
Why is that?

3. Current solution (How Kubernetes does it)
Every pod (Read: Network namespace) has a cluster-public IP
Services (Read: Load-balancer) have a virtual IP
Virtual IPs have names (DNS)
Security done with NetworkPolicy
but it’s beta
not everyone supports it
Lacks Power Of Openstack
Built-in VPN, Firewall, QoS, isolation

4. What we should do
VMs, or containers, or pods live in groups
Groups have a name
Open communication inside the group
Define which groups can inter-communicate
Networking can support
Firewall
Elastic load-balancing
VPN

5. What we should do
Elastic Load Balancing
API based access
With VPN!
Firewall
Integration
With Legacy networking
With Heat and Magnum
With SFC

6. Conclusion
Let’s leave the physical behind
Networking in cloud should say what can connect
Not how to connect
And then it’s also easy to add cool features
And it would probably be easiest to do it in Dragonflow!
Because unsolicited advertisement :)