Choosing a Network Back End for Red Hat OpenStack Platform

Red Hat OpenStack Platform (prior to version 10) offers two distinctly different networking back ends: Nova networking and OpenStack Networking (neutron).

• Nova networking has been deprecated in the OpenStack technology roadmap, and is expected to be removed in Red Hat OpenStack Platform 10.
• OpenStack Networking is considered the core software-defined networking (SDN) component of OpenStack's forward-looking roadmap and is under active development.

It is important to consider that there is currently no migration path between Nova networking and OpenStack Networking. This would impact an operator's plan to deploy Nova networking with the intention of upgrading to OpenStack Networking at a later date. At present, any attempt to switch between these technologies would need to be performed manually, and would likely require planned outages.

Note: Nova networking is not available for deployment using the Red Hat OpenStack Platform Director.

Choose OpenStack Networking (neutron)

• If you require an overlay network solution: OpenStack Networking supports GRE or VXLAN tunneling for virtual machine traffic isolation. With GRE or VXLAN, no VLAN configuration is required on the network fabric and the only requirement from the physical network is to provide IP connectivity between the nodes. Furthermore, VXLAN or GRE allows a theoretical scale limit of 16 million unique IDs which is far beyond the 4094 limitation of 802.1q VLAN ID. Nova networking bases the network segregation on 802.1q VLANs and does not support tunneling with GRE or VXLAN.

• If you require overlapping IP addresses between tenants: OpenStack Networking uses the network namespace capabilities in the Linux kernel, which allows different tenants to use the same subnet range (for example, 192.168.100/24) on the same Compute node without any risk of overlap or interference. This is suited for large multi-tenancy deployments.

  By comparison, Nova networking offers flat topologies that must remain mindful of subnets used by all tenants.

• If you require a Red Hat-certified third-party OpenStack Networking plug-in: By default, Red Hat Enterprise OpenStack Platform 5 (and higher) use the open source ML2 core plug-in with the Open vSwitch (OVS) mechanism driver. Based on the physical network fabric and other network requirements, third-party OpenStack Networking plug-ins can be deployed instead of the default ML2/Open vSwitch driver due to the pluggable architecture of OpenStack Networking.

  Red Hat is constantly working to enhance our Partner Certification Program to certify more OpenStack Networking plugins against Red Hat Enterprise OpenStack Platform. You can learn more about our Certification Program and the certified OpenStack Networking plug-ins at http://marketplace.redhat.com.

• If you require VPN-as-a-service (VPNaaS), Firewall-as-a-service (FWaaS), or Load-Balancing-as-a-service (LBaaS): These network services are only available in OpenStack Networking and are not available for Nova networking. The dashboard allows tenants to manage these services with no need for administrator intervention.

Choose Nova networking

• If your deployment requires flat (untagged) or VLAN (802.1q tagged) networking: This implies scalabilty requirements (theoretical scale limit of 4094 VLAN IDs, where in practice physical switches tend to support a much lower number) as well as management and provisioning requirements. Specific configuration is necessary on the physical network to trunk the required set of VLANs between the nodes.

• If your deployment does not require overlapping IP addresses between tenants: This is usually suitable only for small, private deployments.

• If you do not need a software-defined networking (SDN) solution, or the ability to interact with the physical network fabric.

• If you do not need self-service VPN, Firewall, or Load-Balancing services.