Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tcfw/vpc

Create simple VPCs written in (mostly) Go using Linux bridges/netlinks, iptables & network namespaces
https://github.com/tcfw/vpc

golang linux-bridge netlink netns vlans vxlan xdp

Last synced: 8 days ago
JSON representation

Create simple VPCs written in (mostly) Go using Linux bridges/netlinks, iptables & network namespaces

Host: GitHub
URL: https://github.com/tcfw/vpc
Owner: tcfw
License: mit
Created: 2019-11-08T10:58:38.000Z (about 5 years ago)
Default Branch: master
Last Pushed: 2020-11-11T04:29:50.000Z (almost 4 years ago)
Last Synced: 2024-08-02T02:14:47.337Z (3 months ago)
Topics: golang, linux-bridge, netlink, netns, vlans, vxlan, xdp
Language: Go
Homepage:
Size: 751 KB
Stars: 33
Watchers: 2
Forks: 3
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-repositories - tcfw/vpc - Create simple VPCs written in (mostly) Go using Linux bridges/netlinks, iptables & network namespaces (Go)

README

VPC

Create simple VxLAN based VPC's written in (mostly) Go using Linux bridges/netlink, iptables & network namespaces.

## Why?
For fun and to learn!

# Schematic
![vpc](./docs/res/vpc.jpg "VPC")

## Host Types
- Compute hosts facilitate the creation and management of VM's or containers
- Route hosts provide virtual routers
- Management hosts (not in diagram) provide management facilities such as BGP route reflection and configuration management.

> There is no technical reason why a compute host can also be a route host and vice-versa. This simply provides better security, bandwidth and segregation of duties on hosts.

## Connectivity
Each VM, namespace or container is connected to a Linux bridge (with VLAN filtering enabled) on a compute host. Compute hosts are connected via Linux VxLAN devices (VTEPs).

## VTEP Learning
VxLAN learning is disabled by default. Learning is derived from an ML-BGP-L2VPN-EVPN client (via [frr](https://github.com/FRRouting/frr)) on each compute host and route reflectors on management hosts.

## Segregation
Each 'tenant' is separated by VxLAN VNI's and each Subnet is protected via inner VLAN tagging on a Linux bridge per tenant.

# Agents
## L2
The L2 agent provides a GRPC API to create bridges, VxLAN VTEPs and manage VLAN tagging on the bridges.

### Transports
Can set up to use a linux VxLAN device, or use a TAP device with VxLAN encapsulation. The TAP device allows easier handling of ARP/ICMPv6 soliciations in the future.

## L3
The L3 agent provides the functionality to create the virtual router namespaces and provide simple DHCP/NAT & routing capabilities.

## SBS
Simple block storage - raft based replicated block storage medium exposing NBD endpoints

# Similar architectures
[Openstacks Neutron](https://wiki.openstack.org/wiki/Neutron) in Linux bridge mode.