Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

About nsm support network topology like this? #10519

Closed
316953425 opened this issue Nov 22, 2023 · 6 comments
Closed

About nsm support network topology like this? #10519

316953425 opened this issue Nov 22, 2023 · 6 comments
Assignees
@denis-tingaikin
Labels
question Further information is requested

Comments

@316953425
Copy link

316953425 commented Nov 22, 2023
edited

Hi
I would like to know if nsm can support this kind of network topology?
image

client is a user terminal on the Internet such as iso app
server is a government or for-profit website
We cannot make any changes to the client and server environments.
Previously, we used the macvlan function provided by k8s network components. I am promoting the nsm project within the company. In the future, we plan to base our business on nsm.
Could Nsm allow the client to access the interface nic1 provided by nsm to nse, and then send the data packet to the server through the nic2 provided by nsm to nse?
thank you
@316953425 316953425 changed the title About nsm support network topology About nsm support network topology like this? Nov 22, 2023
@316953425
Copy link
Author

hi,@denis-tingaikin@glazychev-art
Could you help me see if nsm can support such a feature, thank you very much

@denis-tingaikin
Copy link
Member

Hello @316953425 ,

I think it would be useful if you shared the use case on our next community weekly call: https://networkservicemesh.io/community#weekly-meetings (see links to join and time by the link). It may really help with resolving questions.

Before that, let me get a few details on the use case.

As I can see, the mission is to join clients with endpoints that are not located in the kubernetes.
Is my diagram correct?

flowchart LR

Client/VM1 ---|nsm tunnel| Endpoint/VM2

@denis-tingaikin denis-tingaikin added the question Further information is requested label Nov 23, 2023
@316953425
Copy link
Author

316953425 commented Nov 23, 2023
edited

Hello @316953425 ,

I think it would be useful if you shared the use case on our next community weekly call: https://networkservicemesh.io/community#weekly-meetings (see links to join and time by the link). It may really help with resolving questions.

Before that, let me get a few details on the use case.

As I can see, the mission is to join clients with endpoints that are not located in the kubernetes. Is my diagram correct?

flowchart LR

Client/VM1 ---|nsm tunnel| Endpoint/VM2

Hi, @denis-tingaikin
Maybe I didn’t express it clearly, it’s not the way you drew it.

The client and server are all users on the Internet.
It is assumed that the physical machine network card of the node where nse is located can access the Internet and can be accessed by the Internet at the same time.
Can nsm create interfaces for nse that can access the Internet and be accessed by users on the Internet?
For example, the client is in Houston, USA, the server is in New Jersey, USA, and the k8s cluster where nsm is located may be in Los Angeles, USA. I want to know whether the interface 1 created by nsm for nse can be ping by client in Houston. , can interface 2 created by nsm for nse ping server in New Jersey?

@denis-tingaikin
Copy link
Member

denis-tingaikin commented Nov 24, 2023
edited

Short answer: yes.

Long answer: The implementation is based on requirements. I provided a simplified scheme above without a K8S cluster to check if you really need it because NSM can be run in anywhere. So if we need to use a K8S cluster in the topology, we could definitely consider a floating VL3 scenario.
https://github.com/networkservicemesh/deployments-k8s/tree/main/examples/multicluster/usecases/floating_vl3-basic

(Note: in the VL3 network, each client is reachable, and it could provide a workload. For example, we could join to the vl3 network a database as a nsc, and it could be reachable by other nscs in the vl3 network.)

Simplified topology:

flowchart TB
    subgraph k8s cluster in Los Angeles
    vl3-nse-vpp
    end
    subgraph VM1 in Houston
    app1-.-nsc1
    nsc1---vl3-nse-vpp
    end
    subgraph VM2 in New Jersey
    app2
    app2-.-nsc2
    nsc2-.-nsc1
    nsc2---vl3-nse-vpp
    end

Note: we dont need to change anything in app1, app2.

We'd like to learn more about your use case, so feel free to join our next weekly call on Tuesday. See more details in https://networkservicemesh.io/community#weekly-meetings

@316953425
Copy link
Author

Short answer: yes.

Long answer: The implementation is based on requirements. I provided a simplified scheme above without a K8S cluster to check if you really need it because NSM can be run in anywhere. So if we need to use a K8S cluster in the topology, we could definitely consider a floating VL3 scenario. https://github.com/networkservicemesh/deployments-k8s/tree/main/examples/multicluster/usecases/floating_vl3-basic

(Note: in the VL3 network, each client is reachable, and it could provide a workload. For example, we could join to the vl3 network a database as a nsc, and it could be reachable by other nscs in the vl3 network.)

Simplified topology:

flowchart TB
    subgraph k8s cluster in Los Angeles
    vl3-nse-vpp
    end
    subgraph VM1 in Houston
    nsc1---vl3-nse-vpp
    end
    subgraph VM2 in New Jersey
    nsc2---vl3-nse-vpp
    end

We'd like to learn more about your use case, so feel free to join our next weekly call on Tuesday. See more details in https://networkservicemesh.io/community#weekly-meetings

hi @denis-tingaikin
We cannot make any changes to the client and server environments.
I think your plan may not work
@glazychev-art
Do you have any other suggestions? Thanks

@denis-tingaikin
Copy link
Member

denis-tingaikin commented Nov 24, 2023
edited

Hello @316953425 

It's not possible to create an NSM network in an environment that is not under control and where we can't run NSM components.

Feel free to ask your questions in the NSM CNCF Slack channel or weekly meeting; see links here.
 https://networkservicemesh.io/community
 
 
 UPD: I've updated the diagram in previous comment #10519 (comment) that demonstrates the NSM network if we have access to machines.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@denis-tingaikin denis-tingaikin

Labels
question Further information is requested
Projects
Release v1.12.0
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@316953425 @denis-tingaikin