Create simple VPCs written in (mostly) Go using Linux bridges/netlinks, iptables & network namespaces
tcfw/vpc
For fun and to learn!
- Compute hosts facilitate the creation and management of VMs or containers
- Route hosts provide virtual routers
- Management hosts (not in diagram) provide management facilities such as BGP route reflection and configuration management.
There is no technical reason why a compute host cannot also be a route host, and vice versa. Keeping the roles on separate hosts simply provides better security, bandwidth and segregation of duties.
Each VM, namespace or container is connected to a Linux bridge (with VLAN filtering enabled) on a compute host. Compute hosts are connected via Linux VxLAN devices (VTEPs).
VxLAN learning is disabled by default. Instead, forwarding entries are learned from an MP-BGP L2VPN EVPN client (via FRR) on each compute host, with route reflectors on the management hosts.
Each 'tenant' is separated by its own VxLAN VNI, and each subnet within a tenant is isolated via inner VLAN tagging on a Linux bridge per tenant.
The L2 agent provides a GRPC API to create bridges, VxLAN VTEPs and manage VLAN tagging on the bridges.
The L2 agent can be set up to use either a Linux VxLAN device or a TAP device with VxLAN encapsulation handled by the agent. The TAP device approach allows easier handling of ARP/ICMPv6 solicitations in the future.
The L3 agent provides the functionality to create the virtual router namespaces and provides simple DHCP, NAT and routing capabilities.
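The iproute2/iptables commands that realise the L2 and L3 data plane described above, as an added example that is not part of the tcfw/vpc project or its agents: a VLAN-filtering bridge per tenant, a VTEP with dynamic learning disabled (so forwarding entries come only from the EVPN control plane), access ports pinned to one subnet VLAN with the bridge's default VLAN 1 removed (the usual cross-subnet leak), and a router namespace with NAT. The interface names, VNI, VLAN ID and addresses are constructed assumptions. The script prints each command by default and only executes them when run as root with `VPC_APPLY=1`.

```shell
#!/bin/sh
# Added example, not code from tcfw/vpc. All names, the VNI, the VLAN ID and
# the addresses below are constructed assumptions for illustration.
# Default is "plan" mode: commands are printed, not executed.
# Run as root with VPC_APPLY=1 to actually apply them.

TENANT_VNI="${TENANT_VNI:-10001}"        # one VxLAN VNI per tenant (assumed)
SUBNET_VLAN="${SUBNET_VLAN:-100}"        # one inner VLAN per subnet (assumed)
VTEP_LOCAL="${VTEP_LOCAL:-192.0.2.10}"   # this host's underlay address (doc range)
UPLINK="${UPLINK:-eth0}"                 # underlay interface carrying VxLAN
BR="t${TENANT_VNI}"                      # bridge per tenant
VX="vx${TENANT_VNI}"                     # VTEP per tenant
ROUTER_NS="r${TENANT_VNI}"               # virtual router namespace
ROUTER_ADDR="10.0.0.1/24"                # router's address on the subnet
SUBNET_CIDR="10.0.0.0/24"

# cmd: execute the command when VPC_APPLY=1, otherwise print it.
cmd() {
  if [ "${VPC_APPLY:-0}" = "1" ]; then
    "$@"
  else
    printf '%s\n' "$*"
  fi
}

# l2_plan: tenant bridge + VTEP, with control-plane-only MAC learning.
l2_plan() {
  # VLAN filtering lets each port be restricted to its subnet's VLAN.
  cmd ip link add "$BR" type bridge vlan_filtering 1
  cmd ip link set "$BR" up
  # 'nolearning' disables data-plane MAC learning from received frames;
  # FDB entries must then be installed by the EVPN client (FRR).
  cmd ip link add "$VX" type vxlan id "$TENANT_VNI" local "$VTEP_LOCAL" \
    dstport 4789 nolearning dev "$UPLINK"
  cmd ip link set "$VX" master "$BR"
  cmd ip link set "$VX" up
  # Trunk the subnet VLAN on the VTEP and drop the default VLAN 1 so that
  # untagged traffic cannot cross between subnets through the tunnel.
  cmd bridge vlan del dev "$VX" vid 1
  cmd bridge vlan add dev "$VX" vid "$SUBNET_VLAN"
}

# l2_attach DEV: attach a VM/container/veth device as an access port on
# the subnet VLAN (frames enter untagged, leave tagged on the bridge).
l2_attach() {
  cmd ip link set "$1" master "$BR"
  cmd bridge vlan del dev "$1" vid 1
  cmd bridge vlan add dev "$1" vid "$SUBNET_VLAN" pvid untagged
  cmd ip link set "$1" up
}

# l3_plan: router namespace with a veth leg into the subnet, forwarding
# enabled only inside the namespace, and source NAT for outbound traffic.
l3_plan() {
  host_leg="vr${TENANT_VNI}h"
  ns_leg="vr${TENANT_VNI}r"
  cmd ip netns add "$ROUTER_NS"
  cmd ip link add "$host_leg" type veth peer name "$ns_leg"
  cmd ip link set "$ns_leg" netns "$ROUTER_NS"
  l2_attach "$host_leg"
  cmd ip -n "$ROUTER_NS" link set lo up
  cmd ip -n "$ROUTER_NS" addr add "$ROUTER_ADDR" dev "$ns_leg"
  cmd ip -n "$ROUTER_NS" link set "$ns_leg" up
  # ip_forward is per-namespace, so the host itself keeps forwarding off.
  cmd ip netns exec "$ROUTER_NS" sysctl -w net.ipv4.ip_forward=1
  cmd ip netns exec "$ROUTER_NS" iptables -t nat -A POSTROUTING \
    -s "$SUBNET_CIDR" -j MASQUERADE
}

l2_plan
l3_plan
```

Run it once without `VPC_APPLY` to review the plan, then with `VPC_APPLY=1` as root to apply it; tearing down is `ip link del "$BR"`, `ip link del "$VX"` and `ip netns del "$ROUTER_NS"`. Checking the result with `bridge vlan show` should list only VLAN 100 on each tenant port, and `bridge fdb show dev vx10001` should contain only entries installed by the control plane.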
Simple block storage - a raft-based replicated block storage medium exposing NBD endpoints
OpenStack's Neutron in Linux bridge mode.