Proxmox SDN, openvswitch, and linux bridges

l0rdraiden

I want to start a new deployment of Proxmox on a single server. It will have "medium" network complexity, since it will have a virtual firewall and several VMs/LXCs.

What would be the best approach for the network from a security and performance point of view?

What is the status of Proxmox SDN? Is it already usable and available in the web UI? Is it faster than Linux bridges?
 
> What is the status of Proxmox SDN?

Working, stable.

> Is it already usable and available in the web UI?

Yes, when the package is installed on all nodes.

> Is it faster than Linux bridges?

It's the same, as the implementation is using Linux bridges.
 
About SDN: I'm the main author and I'm using it in production (around 4000 VMs) with EVPN. So yes, it's stable, and I don't plan to break it ;)

About speed: SDN is using Linux bridge, so it's the same speed.

It's only a different way to set them up (globally, at the datacenter level), along with support for new kinds of networks (QinQ, VXLAN, EVPN, ...).

New features will be coming soon (IPAM/DHCP).
 
Spirit, in your environment are you just using standard Linux bridge/bond networking with SDN and skipping OVS? Trying to learn best practices. Is OVS kind of obsolete with SDN? For us non network monkeys.
 
Well, the SDN in Proxmox is currently using Linux bridge everywhere in the background, because you can do almost everything with Linux bridge.
(Linux bridge = fully in kernel; OVS = mix of kernel + OVS service. If the service crashes, you lose network.)
So, keep it simple.
And for advanced SDN we have BGP-EVPN, standard VXLAN, standard BGP, and it works only with Linux bridge.

OVS is used by some SDN controllers like OVN, or other OpenFlow controllers. (I know a user working on OVN integration.)
Technically, it's possible to create a plugin for OVS.
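
As an added illustration of the kernel-bridge versus OVS distinction in the reply above (not code from the thread or from Proxmox), this script reads an `/etc/network/interfaces`-style file and reports which bridges are OVS bridges and therefore depend on the OVS service. The sample file and the function names are constructed; it assumes the usual `bridge-ports` and `ovs_type OVSBridge` stanza options.

```python
# Constructed sample in /etc/network/interfaces syntax (not from the thread).
SAMPLE = """\
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.0.2.10/24
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

# second bridge handled by Open vSwitch
auto vmbr1
iface vmbr1 inet manual
    ovs_type OVSBridge
    ovs_ports eno2
"""

def parse_stanzas(text):
    """Return {interface: {option: value}} for every 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        if key == "iface" and value:
            current = stanzas.setdefault(value.split()[0], {})
        elif key in ("auto", "source", "mapping") or key.startswith("allow-"):
            current = None  # these lines end the current stanza
        elif current is not None:
            # normalise underscore/hyphen spelling (ovs_type, bridge_ports)
            current[key.replace("_", "-")] = value.strip()
    return stanzas

def classify_bridges(text):
    """Map each bridge to 'linux-bridge' (in kernel) or 'ovs' (kernel + OVS service)."""
    kinds = {}
    for name, opts in parse_stanzas(text).items():
        if opts.get("ovs-type") == "OVSBridge":
            kinds[name] = "ovs"
        elif "bridge-ports" in opts:
            kinds[name] = "linux-bridge"
    return kinds

def service_dependent(text):
    """Bridges that, per the reply above, lose network if the OVS service crashes."""
    return sorted(n for n, k in classify_bridges(text).items() if k == "ovs")

if __name__ == "__main__":
    print(classify_bridges(SAMPLE), service_dependent(SAMPLE))
```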
 
Thank you
 
> Well, the SDN in Proxmox is currently using Linux bridge everywhere in the background, because you can do almost everything with Linux bridge.
> (Linux bridge = fully in kernel; OVS = mix of kernel + OVS service. If the service crashes, you lose network.)
> So, keep it simple.
> And for advanced SDN we have BGP-EVPN, standard VXLAN, standard BGP, and it works only with Linux bridge.

Are there technical reasons it can't work with OVS, or is it just a matter of Proxmox having made a decision that it'll be more cost effective to not also bother with Open vSwitch for SDN?

> OVS is used by some SDN controllers like OVN, or other OpenFlow controllers. (I know a user working on OVN integration.)
> Technically, it's possible to create a plugin for OVS.

Hmm.. would like to have a look at that, as I have the need/use of a config server à la AWS, with some IP that is flow-switched. I think OpenStack uses Open vSwitch for similar.
 
> Are there technical reasons it can't work with OVS, or is it just a matter of Proxmox having made a decision that it'll be more cost effective to not also bother with Open vSwitch for SDN?

Well, technically it's possible to implement an OVS plugin. (I'm currently helping a user to create an OVN plugin.)

But from my point of view, OpenFlow SDN controllers have been dead since the end of 201x, because they are centralized controllers and generally are not "standard" and can't be integrated with real switch hardware. A lot of OpenFlow vendors are dead too.

That's why I have implemented BGP-EVPN: it's standard && decentralized. (As Proxmox doesn't have a central node, it's a perfect fit.)
Also, pve-firewall is using iptables/nftables. (That should mean implementing an OVS OpenFlow firewall too.)

So, the architecture of SDN is open to adding your own SDN plugin (or if some vendors want to implement it themselves).
 
Thank you for explaining the reasoning!

> But from my point of view, OpenFlow SDN controllers have been dead since the end of 201x, because they are centralized controllers and generally are not "standard" and can't be integrated with real switch hardware. A lot of OpenFlow vendors are dead too.

Hmmm... interesting statement, given that there are still updates on Open vSwitch/OVN in the last couple of months with 3.3.0's release.

Which also asks for something else: to understand direction and this comparison of DPDK vs VPP in OVN, are there considerations for supporting VPP/fd.io in Proxmox?

The reason I'm asking is for future-proofing my current deployments, but also to find how/where I can get some sFlow-type output from the Proxmoxes.
 
