I want to design virtual network for at least 100 containers. This network MUST be independent as much as possible.
I uploded a image of my topology in this link:
Some notes about this diagram:
- There is L2 connectivity between OVS switches.(If there isn't, I can use VxLAN)
- There is L3 connectivity between firewalls.
- Gateway of all vlans in this network would be firewall.(At least for simplicity, let's say for now gateway of all vlans would be firewall but in future we can define gateway of some vlans on open vswitches of host B and host C and use VRRP between them)
- There are two failover firewalls.(HA in active/standby mode)
- Firewall will nat outgoing traffic to it's own publish ip.
any thoughts about this design?
and one more question: I want this network to work with sdn controller. so, I use ovs which supports openflow and ovsdb protocols.
But I didn't decide about firewall yet. Which firewall should I use? (I need some sort of firewall with automation capabilities. some firewall with lots of api's for everything and also have good documentation and good community)
Thanks a lot!
No comments:
Post a Comment