For fun and to learn!

• Compute hosts facilitate the creation and management of VM's or containers
• Route hosts provide virtual routers
• Management hosts (not in diagram) provide management facilities such as BGP route reflection and configuration management.

There is no technical reason why a compute host can also be a route host and vice-versa. This simply provides better security, bandwidth and segregation of duties on hosts.

Each VM, namespace or container is connected to a Linux bridge (with VLAN filtering enabled) on a compute host. Compute hosts are connected via Linux VxLAN devices (VTEPs).

VxLAN learning is disabled by default. Learning is derived from an ML-BGP-L2VPN-EVPN client (via frr) on each compute host and route reflectors on management hosts.

Each 'tenant' is separated by VxLAN VNI's and each Subnet is protected via inner VLAN tagging on a Linux bridge per tenant.

The L2 agent provides a GRPC API to create bridges, VxLAN VTEPs and manage VLAN tagging on the bridges.

Can set up to use a linux VxLAN device, or use a TAP device with VxLAN encapsulation. The TAP device allows easier handling of ARP/ICMPv6 soliciations in the future.

The L3 agent provides the functionality to create the virtual router namespaces and provide simple DHCP/NAT & routing capabilities.

Simple block storage - raft based replicated block storage medium exposing NBD endpoints

Openstacks Neutron in Linux bridge mode.