OpenStack Overview, Advantages, Disadvantages, and Implementation of Traffic Mirroring and Cross‑Host Forwarding with Kubernetes, Istio, and Neutron
This article introduces OpenStack’s core components, outlines its strengths and weaknesses, and provides step‑by‑step code examples for achieving traffic mirroring and cross‑host forwarding using Kubernetes, Istio, and OpenStack networking plugins such as Neutron and Calico.
OpenStack is an open‑source cloud computing platform for building and managing private, public, and hybrid clouds, offering services such as compute, image, object and block storage, networking, identity, orchestration, and telemetry.
The platform’s main advantages include being free and open source, highly flexible and scalable, reliable with built‑in backup and load‑balancing features, and portable across different cloud environments.
Its drawbacks are the complexity of the large project, the need for specialized knowledge to deploy and operate, and the responsibility for managing security.
Although OpenStack does not provide a native traffic‑mirroring feature, similar functionality can be achieved by deploying a Kubernetes cluster with Istio, defining Ingress rules that split traffic between two service versions, and applying the configuration.
kubeadm init --pod-network-cidr=10.244.0.0/16helm repo add traefik https://helm.containo.us/helm repo updatehelm upgrade --install ingress-traefik traefik/traefik --namespace kube-system --create-namespaceapiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: web-ingress
annotations:
ingress.class: istio
spec:
rules:
- host: web.test.com
http:
paths:
- path: /
backend:
serviceName: web-v2-svc
servicePort: 80
- path: /
backend:
serviceName: web-v1-svc
weight: 50 # set traffic split to 50%kubectl apply -f ingress.yamlFor cross‑host traffic forwarding, OpenStack can use Neutron or Calico network plugins; examples include creating a Neutron network and router, configuring IP routes, installing Calico, and setting up Kubernetes with Calico and Istio, then defining similar Ingress rules to split traffic.
neutron net-create mynet
neutron subnet-create mynet 10.0.0.0/24
neutron router-create myrouter
neutron router-interface-add myrouter mysubnet
neutron router-gateway-set myrouter public_gatewayip route add default via 10.0.0.1calicoctl node run --ip=10.0.0.1
calicoctl profile add default
calicoctl profile add k8s
calicoctl profile add web
calicoctl profile add web-v1
calicoctl profile add web-v2
calicoctl profile apply default
calicoctl profile apply k8s
calicoctl profile apply web
calicoctl profile apply web-v1
calicoctl profile apply web-v2
calicoctl config set default-revision-id 0
calicoctl config set k8s-revision-id 0
calicoctl config set web-revision-id 0
calicoctl config set web-v1-revision-id 0
calicoctl config set web-v2-revision-id 0
calicoctl apply -f /etc/calico/confd/conf.d/web-v1.yaml
calicoctl apply -f /etc/calico/confd/conf.d/web-v2.yamlkubeadm init --pod-network-cidr=10.244.0.0/16
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
kubectl apply -f https://docs.projectcalico.org/manifests/calico-kube-controllers.yaml
kubectl apply -f https://docs.projectcalico.org/manifests/calico-node.yamlhelm repo add istio https://istio.io/repo
helm repo update
helm upgrade --install istio-egressgateway istio/istio-egressgateway --namespace istio-system --create-namespaceTest Development Learning Exchange
Test Development Learning Exchange
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.