A cloud computing fabric, such as Openstack, should provide configuration interfaces allowing consumers of the clouds, or tenants, to dynamically provision compute, storage and networking resources for their needs.
Openstack currently provides customer-facing services for managing compute and storage resources, respectively nova and swift. However, networking is not yet a ‘first-class citizen’ in the Openstack world, as it is currently implicitly managed by nova services.
The goal of the Netstack project is to provide a set of customer-facing services for managing networking within an Openstack cloud, thus allowing providers to offer “Networking as a Service” (NaaS) to their customers.
Netstack, which is an open source project hosted in launchpad, can be regarded as a container for projects related to cloud networking and has been conceived to address cloud consumers’ needs concerning networking, such as:
- Being able to build and configure virtual isolated networks for VM instances in the cloud;
- Secure virtual networks with firewalls;
- Managing IP configuration and routing across virtual networks;
- Avoid lock-in to a specific vendor technology or solution;
The project official started at the last Openstack Design Summit, which has been sponsored by Citrix; several companies from the networking, telecommunications and virtualization world are actively involved; this list includes Cisco, Intel, Midokura, Mellanox, Nicira Networks, NTT-Data, Rackspace, and, of course, Citrix.
Several subprojects have already started for Netstack:
- Quantum, aimed at providing Layer-2 networking as a service;
- Melange, whose goal is to provide IP Address Management (IPAM) service to instances running in the cloud;
- Donabe, which allow for managing “containers” of network resources for tenants.
The idea is to avoid a single monolithic entity providing all the sorts of network services; instead distinct network services are decomposed into independent projects, which can be either deployed individually or work together as a suite. For instance, a provider might choose to deploy provide layer-2 networking only through Quantum, whereas another provider could decide to manage layer-2 networks with Quantum, and at the same time use Melange to provide IP configuration to VMs running in Quantum networks.
Another important aspect of the Netstack project is its interaction with Nova, which is currently being refactored in order to support network services different by nova-network. This work will allow Nova to create instances and then delegate to NetStack services network-related operations, such as plugging virtual network interfaces into virtual networks, configuring firewall rules for these interfaces, or granting VPN access to virtual networks.