
[openstack-dev] [Neutron] [Docs] Definition of a provider Network

0 votes

Hi everybody,

I stumbled over a definition that explains the difference between a
Provider network and a self service network. [1]

To summarize it says:
- Provider Network: primarily uses layer2 services and vlan segmentation
and cannot be used for advanced services (fwaas,..)
- Self-service Network: is Neutron configured to use a overlay network
and supports advanced services (fwaas,..)

But my understanding is more like this:
- Provider Network: The Openstack user needs information about the
underlying network infrastructure to create a virtual network that
exactly matches this infrastructure.

- Self service network: The Openstack user can create virtual networks
without knowledge about the underlying infrastructure on the data
network. This can also include vlan networks, if the l2 plugin/agent was
configured accordingly.

Did the meaning of a provider network change in the meantime, or is my
understanding just wrong?

Thanks!

[1]
http://docs.openstack.org/liberty/install-guide-rdo/overview.html#id4

--


Andreas (IRC: scheuran)


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
asked Jan 19, 2016 in openstack-dev by Andreas_Scheuring (6,240 points)   2 9 14

8 Responses

0 votes

Andreas Scheuring scheuran@linux.vnet.ibm.com wrote:

> Hi everybody,
>
> I stumbled over a definition that explains the difference between a
> Provider network and a self service network. [1]
>
> To summarize it says:
> - Provider Network: primarily uses layer2 services and vlan segmentation
> and cannot be used for advanced services (fwaas,..)
> - Self-service Network: is Neutron configured to use a overlay network
> and supports advanced services (fwaas,..)
>
> But my understanding is more like this:
> - Provider Network: The Openstack user needs information about the
> underlying network infrastructure to create a virtual network that
> exactly matches this infrastructure.
>
> - Self service network: The Openstack user can create virtual networks
> without knowledge about the underlying infrastructure on the data
> network. This can also include vlan networks, if the l2 plugin/agent was
> configured accordingly.

I believe your understanding and wording is a lot more in line with
reality. It also captures main differences, and does not mention advanced
services that are not really relevant here.

> Did the meaning of a provider network change in the meantime, or is my
> understanding just wrong?
>
> Thanks!
>
> [1]
> http://docs.openstack.org/liberty/install-guide-rdo/overview.html#id4
>
> --
> Andreas (IRC: scheuran)


responded Jan 19, 2016 by Ihar_Hrachyshka (35,300 points)   3 9 16
0 votes

On 19/01/16 07:36, Andreas Scheuring wrote:
> Hi everybody,
>
> I stumbled over a definition that explains the difference between a
> Provider network and a self service network. [1]

I've also spent time trying to understand this, so am happy to offer
that understanding here (for checking?)...

I believe the definition of a 'provider' network is that it is a
network provisioned by the cloud operator - as opposed to 'tenant'
networks that are provisioned by non-admin tenants aka users aka projects.

(I've not seen the term 'Self service' before, but presumably it means
what I'm calling 'tenant'.)

Corollaries - but not strictly part of the definition - are that:

- Provider networks typically 'map more closely' in some sense onto the
  cloud's underlying physical network than tenant networks do. The
  'provider' API extension - which is usually limited by policy to
  operators only, and hence can only be used with provider networks -
  allows the operator to specify that mapping, for example which VLAN to
  map on to. Tenant networks are typically implemented with additional
  layers of encapsulation, in comparison with provider networks, in order
  to allow many tenant networks to coexist on the same compute hosts and
  yet be isolatable from each other.

- Provider networks typically use the real IP address space, whereas
  tenant networks typically use private IP address space so that multiple
  tenant networks can use the same IP addresses.

The network that is on the external side of a Neutron Router has its
router:external property True, and also has to be a provider network.
Floating IPs come from a subnet that is associated with that provider
network.

It's possible to attach VMs directly to a provider network, as well as
to tenant networks.

> To summarize it says:
> - Provider Network: primarily uses layer2 services

I don't know what this means. All networks have a layer 2 somewhere.

> and vlan segmentation

Yes, but they don't have to. A provider network can be 'flat', which
means that its VM interfaces are bridged onto one of the physical
interfaces of the compute host (and it is assumed that all hosts'
physical interfaces are themselves bridged together). So then any VLAN
that a VM used would be trunked through the physical network.

> and cannot be used for advanced services (fwaas,..)

(I didn't know that, but OK.)

> - Self-service Network: is Neutron configured to use a overlay network

Grammar?

> and supports advanced services (fwaas,..)
>
> But my understanding is more like this:
> - Provider Network: The Openstack user needs information about the
> underlying network infrastructure to create a virtual network that
> exactly matches this infrastructure.

Agreed, if s/user/operator/ and s/virtual//. OpenStack users cannot
create provider networks, and I wouldn't call a provider network 'virtual'.

> - Self service network: The Openstack user can create virtual networks
> without knowledge about the underlying infrastructure on the data
> network. This can also include vlan networks, if the l2 plugin/agent was
> configured accordingly.

Agreed.

> Did the meaning of a provider network change in the meantime, or is my
> understanding just wrong?
>
> Thanks!
>
> [1]
> http://docs.openstack.org/liberty/install-guide-rdo/overview.html#id4

responded Jan 19, 2016 by Neil_Jerram (8,580 points)   1 4 11
0 votes

Yes, I think of it as:

A provider network in OpenStack is simply a record specifying the necessary details of the underlying infrastructure so that OpenStack can utilize it. The actual networking services (layer 2 and 3 forwarding, for example) are provided by the infrastructure and configured independently.

John

responded Jan 19, 2016 by John_Belamaric (2,140 points)   1 2
0 votes

On 01/19/2016 02:33 AM, Andreas Scheuring wrote:
> Hi everybody,
>
> I stumbled over a definition that explains the difference between a
> Provider network and a self service network. [1]
>
> To summarize it says:
> - Provider Network: primarily uses layer2 services and vlan segmentation
> and cannot be used for advanced services (fwaas,..)
> - Self-service Network: is Neutron configured to use a overlay network
> and supports advanced services (fwaas,..)
>
> But my understanding is more like this:
> - Provider Network: The Openstack user needs information about the
> underlying network infrastructure to create a virtual network that
> exactly matches this infrastructure.
>
> - Self service network: The Openstack user can create virtual networks
> without knowledge about the underlying infrastructure on the data
> network. This can also include vlan networks, if the l2 plugin/agent was
> configured accordingly.
>
> Did the meaning of a provider network change in the meantime, or is my
> understanding just wrong?

I don't know the answer to the above questions, however in reading some
of the networking guide last night, I ran into a similar question around
provider networks.

In the "Scenario: Provider Networks with Linux bridge" document [0], the
second paragraph has this statement:

"Also, provider networks lack the concept of fixed and floating IP
addresses because they only handle layer-2 connectivity for instances."

and then, three paragraphs later, this statement is made:

"To improve performance and reliability, provider networks move layer-3
operations to the physical network infrastructure."

So, which is it exactly? Do provider networks handle layer 3 or don't they?

Best,
-jay

[0]
http://docs.openstack.org/liberty/networking-guide/scenario_provider_lb.html


responded Jan 19, 2016 by Jay_Pipes (59,760 points)   3 11 14
0 votes

I agree that the current definition can be improved.

"Provider Network" vs "Self service network" highlights who can
provision a network.

In my understanding, "Provider Network" is a network provisioned by
the cloud operator. Practically the operator cannot provision a network
for a tenant, so a single provider network is shared by tenants.

On the other hand, "Self-service network" scenario allows OpenStack users
to provision their own networks.

In the scenario of "provider network", a single network is shared by
multiple tenants, and network-related Neutron API calls should be
disallowed for tenants.
It is reasonable to disallow tenants to provision routers, firewalls
or VPNs as well.
LBaaS can be used.

I hope this helps improve the text.

Akihiro

responded Jan 19, 2016 by Akihiro_Motoki (8,520 points)   2 3 4
0 votes

On 19.01.2016 15:19, Akihiro Motoki wrote:
> I agree that the current definition can be improved.

Here is a docs bug [0]

[0] https://bugs.launchpad.net/fuel/+bug/1513421

> "Provider Network" vs "Self service network" highlights who can
> provision a network.
>
> In my understanding, "Provider Network" is a network provisioned by
> the cloud operator. Practically the operator cannot provision a network
> for a tenant, so a single provider network is shared by tenants.
>
> On the other hand, "Self-service network" scenario allows OpenStack users
> to provision their own networks.
>
> In the scenario of "provider network", a single network is shared by
> multiple tenants.
> and network-related Neutron API calls should be disallowed for tenants.
> It is reasonable to disallow tenants to provision routers, firewalls
> or VPNs as well.
> LBaaS can be used.
>
> I hope this helps improve the text.
>
> Akihiro

--
Best regards,
Bogdan Dobrelya,
Irc #bogdando


responded Jan 19, 2016 by Bogdan_Dobrelya (4,920 points)   1 2 5
0 votes

On 19.01.2016 15:31, Bogdan Dobrelya wrote:
> On 19.01.2016 15:19, Akihiro Motoki wrote:
>
>> I agree that the current definition can be improved.
>
> Here is a docs bug [0]
>
> [0] https://bugs.launchpad.net/fuel/+bug/1513421

I pasted a wrong link, sorry. Here is the correct one [0]

[0] https://bugs.launchpad.net/openstack-manuals/+bug/1535744

>> "Provider Network" vs "Self service network" highlights who can
>> provision a network.
>>
>> In my understanding, "Provider Network" is a network provisioned by
>> the cloud operator. Practically the operator cannot provision a network
>> for a tenant, so a single provider network is shared by tenants.
>>
>> On the other hand, "Self-service network" scenario allows OpenStack users
>> to provision their own networks.
>>
>> In the scenario of "provider network", a single network is shared by
>> multiple tenants.
>> and network-related Neutron API calls should be disallowed for tenants.
>> It is reasonable to disallow tenants to provision routers, firewalls
>> or VPNs as well.
>> LBaaS can be used.
>>
>> I hope this helps improve the text.
>>
>> Akihiro

--
Best regards,
Bogdan Dobrelya,
Irc #bogdando


responded Jan 19, 2016 by Bogdan_Dobrelya (4,920 points)   1 2 5
0 votes

Yes, that definitely needs to be cleaned up a bit as well. Provider
networks still provide IP addresses, it's just that Neutron normally isn't
responsible for providing L3 routing for them.

On Tue, Jan 19, 2016 at 9:15 AM, Jay Pipes jaypipes@gmail.com wrote:

> I don't know the answer to the above questions, however in reading some of
> the networking guide last night, I ran into a similar question around
> provider networks.
>
> In the "Scenario: Provider Networks with Linux bridge" document [0], the
> second paragraph has this statement:
>
> "Also, provider networks lack the concept of fixed and floating IP
> addresses because they only handle layer-2 connectivity for instances."
>
> and then, three paragraphs later, this statement is made:
>
> "To improve performance and reliability, provider networks move layer-3
> operations to the physical network infrastructure."
>
> So, which is it exactly? Do provider networks handle layer 3 or don't they?
>
> Best,
> -jay
>
> [0]
> http://docs.openstack.org/liberty/networking-guide/scenario_provider_lb.html



--
Kevin Benton


responded Jan 19, 2016 by Kevin_Benton (24,800 points)   3 5 6