Hi all,

Does anyone have an opinion on the implementation of dynamic routing in 
Isolated networks and VPCs?

So far the design is:

1 - Operator configures one or more BGP peers for a given Zone (with different 
metrics)
2 - Operator presents a pool of Private AS numbers to the Zone (just like we do 
for VLANs)
3 - When a network is created with an offering which has dynamic routing 
enabled an AS number is allocated to the network
4 - ACS configures the BGP session on the VR (using FRR), advertising all its 
connected networks

Any and all input will be very welcome.

Cheers,
Alex


 

From: Alex Mattioli
Sent: Wednesday, April 17, 2024 3:25 AM
To: us...@cloudstack.apache.org; dev@cloudstack.apache.org
Subject: Dynamic routing for routed mode IPv6 and IPv4 Isolated and VPC networks

Hi all,

I'd like to brainstorm dynamic routing in ACS (yes, again... for the newcomers 
to this mailing list - this has been discussed multiple times in the past 10+ 
years)

ACS 4.17 has introduced routed mode for IPv6 in Isolated networks and VPCs; we 
are currently working on extending that to IPv4 as well, which will support the 
current NAT'ed mode and also a routed mode (inspired by the NSX integration 
https://www.youtube.com/watch?v=f7ao-vv7Ahk).

With stock ACS (i.e. without NSX or OpenSDN) this routing is purely static, 
with the operator being responsible to add static routes to the Isolated 
network or VPC tiers via the "public" (outside) IP of the virtual router.

The next step on this journey is to add some kind of dynamic routing. One way 
that I have in mind is using dynamic BGP:

1 - Operator configures one or more BGP peers for a given Zone (with different 
metrics)
2 - Operator presents a pool of Private AS numbers to the Zone (just like we do 
for VLANs)
3 - When a network is created with an offering which has dynamic routing 
enabled an AS number is allocated
4 - ACS configures the BGP session on the VR, advertising all its connected 
networks

This way there's no need to reconfigure the upstream router for each new ACS 
network (it just needs to allow dynamic BGP peering from the pool of AS numbers 
presented to the zone)

This implementation could also be used for Shared Networks, in which case the 
destination advertised via BGP is to the gateway of the shared network.

There could also be an offering where we allow for end users to set up the BGP 
parameters for their Isolated or VPC networks, which can then peer with 
upstream VNF(s).

Any and all input is very welcome...

Taking the liberty to tag some of you: @Wei Zhou<mailto:wei.z...@shapeblue.com> 
@Wido den Hollander<mailto:w...@widodh.nl> @Kristaps 
Čudars<mailto:kristaps.cud...@telia.lv>

Cheers,
Alex
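
Added example, not part of this thread or of CloudStack's code: a sketch of steps 2 to 4 of the proposed design, allocating a private AS number from a zone pool and rendering an FRR BGP configuration for the VR. The class and function names, the route-map name VR-OUT and all sample addresses and AS numbers are assumptions; it covers IPv4 only and adds an outbound prefix filter so the VR announces nothing beyond its own tiers.

```python
import ipaddress

# Private-use AS number ranges (RFC 6996): 16-bit and 32-bit.
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))


class AsnPool:
    """Hypothetical zone-level pool: one private AS number per network."""

    def __init__(self, start, end):
        if not any(lo <= start <= end <= hi for lo, hi in PRIVATE_ASN_RANGES):
            raise ValueError("pool must lie inside one private ASN range")
        self.free = set(range(start, end + 1))
        self.allocated = {}  # network id -> AS number

    def allocate(self, network_id):
        if network_id in self.allocated:  # same answer when a VR is rebuilt
            return self.allocated[network_id]
        if not self.free:
            raise RuntimeError("AS number pool exhausted for this zone")
        asn = min(self.free)
        self.free.remove(asn)
        self.allocated[network_id] = asn
        return asn

    def release(self, network_id):
        self.free.add(self.allocated.pop(network_id))


def render_frr(asn, router_id, peers, tiers):
    """peers: [(peer_ip, peer_as)]; tiers: IPv4 CIDRs connected to the VR."""
    # IPv4Network raises ValueError on malformed CIDRs or set host bits.
    nets = [ipaddress.IPv4Network(t) for t in tiers]
    cfg = [f"router bgp {asn}", f" bgp router-id {router_id}"]
    cfg += [f" neighbor {ip} remote-as {ras}" for ip, ras in peers]
    cfg.append(" address-family ipv4 unicast")
    cfg += [f"  network {n}" for n in nets]
    # Outbound filter: announce only this network's own tiers to each peer.
    cfg += [f"  neighbor {ip} route-map VR-OUT out" for ip, _ in peers]
    cfg.append(" exit-address-family")
    cfg += [f"ip prefix-list VR-OUT seq {5 * i} permit {n}"
            for i, n in enumerate(nets, start=1)]
    cfg += ["route-map VR-OUT permit 10",
            " match ip address prefix-list VR-OUT"]
    return "\n".join(cfg) + "\n"


if __name__ == "__main__":
    pool = AsnPool(64512, 64520)  # constructed sample values throughout
    print(render_frr(pool.allocate("vpc-1"), "192.0.2.10",
                     [("192.0.2.1", 64496)], ["10.1.1.0/24", "10.1.2.0/24"]))
```

The upstream router needs the matching inbound policy: accept from each pool AS number only the prefixes ACS assigned to that network.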
