Support for connecting two Apps through VLAN #15

@gabhijit-izel

When two applications are deployed in a Reservation, it should be possible to use the "Connectivity Service" (VLAN) provided by CloudShell to connect those applications.

  • Implement Apply Connectivity Operation
  • Implement Prepare Connectivity Operation (e.g. creating a network that uses provider VLANs?)
  • Add an interface on the network to deployed VMs
  • Assign OpenStack Subnet to the interface
  • Verify connectivity support using basic SSH Ping

A more detailed discussion about connectivity

  1. L2 connectivity using VLANs is possible - we have verified the following:
  • On the same compute node, isolation is provided using Linux network namespaces
  • On different compute nodes, and between VMs and physical nodes, isolation is provided using VLANs (it can be GRE tunnels/VxLANs etc., e.g. the Quali Office OpenStack deployment uses VxLAN)

2a. It is possible to have L2 broadcast domains spanning across VMs and physical networks -

2b. However - pure L2 connectivity is not possible in OpenStack - What this means is -

  • We cannot simply define L2 networks with VLAN IDs and forget about them. We need to assign a subnet and some L3 IP addresses with DHCP
  • This may be because OpenStack is managing things like Floating IPs for instances; for this it needs to know about the L3 addresses that are assigned to interfaces.
  1. What we have also observed is that in a given broadcast domain it is possible to assign a subset of IPs using DHCP, and other IPs can be 'externally managed' (note, however, that we cannot have 2 DHCP servers on the network - that'd create a mess. So physical resources should have IP addresses assigned by a non-DHCP mechanism). This is one limitation that we have to work with.
  2. What this means for floating IPs -
    Floating IPs - it's important to know the use-case. It is possible in OpenStack to assign a 'floating IP to a particular fixed IP'; otherwise it gets assigned to the NIC with the lexicographically smallest UUID.
  3. Security groups are not required (at the OpenStack level) to connect physical resources and virtual resources that are on the 'same VLAN and hence on the same L2 network'. However, it's likely that the VMs may implement some firewalls themselves, which limits seamless connectivity.
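
Added example, not part of the original issue or the project's code: a Python sketch of the DHCP/static split described above, which builds Neutron request bodies for a provider-VLAN network whose DHCP pool covers only part of the subnet and rejects externally managed (physical resource) addresses that would collide with that pool. The function name, the CIDR, the VLAN ID and `physnet1` are constructed for illustration, and the absence of a gateway is an assumption.

```python
import ipaddress

def plan_vlan_segment(cidr, vlan_id, physnet, dhcp_start, dhcp_end, static_ips):
    """Build Neutron request bodies for one provider-VLAN segment.

    DHCP serves only [dhcp_start, dhcp_end]; static_ips are the externally
    managed addresses (physical resources) and must stay outside that pool.
    """
    net = ipaddress.ip_network(cidr)
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID {vlan_id} outside 1-4094")
    start, end = ipaddress.ip_address(dhcp_start), ipaddress.ip_address(dhcp_end)
    reserved = {net.network_address, net.broadcast_address}
    if start not in net or end not in net or start > end or {start, end} & reserved:
        raise ValueError("DHCP pool must be a usable range inside the subnet")
    seen = set()
    for raw in static_ips:
        ip = ipaddress.ip_address(raw)
        if ip not in net or ip in reserved:
            raise ValueError(f"{ip} is not a usable address in {net}")
        if start <= ip <= end:
            raise ValueError(f"{ip} collides with the DHCP pool")
        if ip in seen:
            raise ValueError(f"{ip} assigned twice")
        seen.add(ip)
    network = {"network": {
        "name": f"vlan-{vlan_id}",
        "provider:network_type": "vlan",
        "provider:physical_network": physnet,   # deployment-specific label
        "provider:segmentation_id": vlan_id,
    }}
    # "network_id" is added to the subnet body once the network exists.
    subnet = {"subnet": {
        "cidr": str(net),
        "ip_version": net.version,
        "enable_dhcp": True,
        "gateway_ip": None,  # assumption: no router on this segment
        "allocation_pools": [{"start": str(start), "end": str(end)}],
    }}
    return network, subnet

if __name__ == "__main__":
    # Constructed sample: VMs get .100-.200 via DHCP, physical nodes use .10/.11.
    print(plan_vlan_segment("192.168.50.0/24", 150, "physnet1",
                            "192.168.50.100", "192.168.50.200",
                            ["192.168.50.10", "192.168.50.11"]))
```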
