One of my ExpertExpress engagements focused on networking in a future private cloud that might be built using OpenStack. The customer planned to deploy multiple data centers, and I recommended that they do everything they can to make sure they don’t make them a single failure domain.
OpenStack supports multiple levels of failure isolation, including availability zones and regions:
- Availability zone is primarily a Nova (read: compute) construct similar to a VMware HA cluster. AZ awareness was added to Neutron not so long ago, but it seems to be just that: awareness (or, as the documentation says, hints).

  AWS VPC provides better isolation: you might configure a VPC to span more than one availability zone, but you cannot stretch a subnet across more than one availability zone. Contrary to evangelists working for networking vendors, AWS architects obviously know how to make a stable network.
- Regions are distinct API entry points similar to VMware vCenter instances – just the thing to use if you want the data centers to be independent.
It’s my understanding that you cannot span a tenant network across multiple regions… at least I haven’t found any multi-region confederation capability in the OpenStack documentation (apart from the ability to select regions in client-facing dashboards).
You can configure the same set of provider networks in multiple OpenStack regions and connect them outside of OpenStack using VLANs or VRFs.
Of course one might use an SDN controller underneath Neutron (Contrail or Nuage VSP come to mind) and use BGP to link multiple instances assuming you can somehow synchronize L3VPN RT/RD values across OpenStack instances (similar to AWS VPC peering), but it might be simpler to connect regions across provider networks.
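As an added example (not code from the original post, from OpenStack or from any SDN controller), here is a small offline checker for the failure-domain rules discussed above: it runs over a constructed inventory of networks and reports tenant networks whose AZ hints span several AZs, provider VLANs whose IDs drifted between regions (so they cannot be joined on one VLAN outside OpenStack), and provider networks missing from a region. The record fields (`region`, `az_hints`, `provider`, `net_type`, `segment_id`) are a simplified, assumed shape, not Neutron's API.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical values): provider VLANs that
# should be stitched together outside OpenStack, plus one tenant network.
NETWORKS = [
    {"name": "prov-dmz", "region": "region-a", "az_hints": ["az-a1"],
     "provider": True, "net_type": "vlan", "segment_id": 110},
    {"name": "prov-dmz", "region": "region-b", "az_hints": ["az-b1"],
     "provider": True, "net_type": "vlan", "segment_id": 110},
    {"name": "prov-mgmt", "region": "region-a", "az_hints": ["az-a1"],
     "provider": True, "net_type": "vlan", "segment_id": 120},
    {"name": "prov-mgmt", "region": "region-b", "az_hints": ["az-b1"],
     "provider": True, "net_type": "vlan", "segment_id": 121},  # VLAN id drift
    {"name": "prov-backup", "region": "region-a", "az_hints": ["az-a1"],
     "provider": True, "net_type": "vlan", "segment_id": 130},  # region-a only
    {"name": "tenant-web", "region": "region-a", "az_hints": ["az-a1", "az-a2"],
     "provider": False, "net_type": "vxlan", "segment_id": 5001},
]


def stretched_networks(nets):
    """Names of networks whose AZ hints cover more than one AZ: one L2
    (and therefore one broadcast/failure) domain shared by several AZs."""
    return sorted(n["name"] for n in nets if len(set(n["az_hints"])) > 1)


def _provider_vlans(nets):
    """Build {name: {region: vlan_id}} for provider VLAN networks."""
    by_name = defaultdict(dict)
    for n in nets:
        if n["provider"] and n["net_type"] == "vlan":
            by_name[n["name"]][n["region"]] = n["segment_id"]
    return by_name


def provider_mismatches(nets):
    """Provider networks present in several regions with differing VLAN
    ids; the external network cannot join these on a single VLAN."""
    return sorted(name for name, regions in _provider_vlans(nets).items()
                  if len(regions) > 1 and len(set(regions.values())) > 1)


def missing_provider_networks(nets):
    """(name, region) pairs where a provider network defined in one
    region has no counterpart in another region of the design."""
    all_regions = {n["region"] for n in nets}
    return sorted((name, region)
                  for name, regions in _provider_vlans(nets).items()
                  for region in all_regions - set(regions))
```

With the sample inventory the checker flags `tenant-web` as stretched across two AZs, `prov-mgmt` as a VLAN id mismatch between regions, and `prov-backup` as missing from `region-b`.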
Have I missed something? Comments are (as always) most welcome!
Want to discuss viability of OpenStack in your private cloud or integration of your data center with public OpenStack offerings? Why don't you enroll into the Building the Next-Generation Data Center online course?