To reduce the likelihood of guest traffic impacting management traffic, segregation of traffic between multiple physical interfaces is recommended. At a minimum, two interfaces should be used: one that serves as a dedicated interface for management and API traffic (control plane), and another that serves as a dedicated interface for external and guest traffic (data plane). Additional interfaces can be used to further segregate traffic, such as storage.
The following table demonstrates the networks and services traversing two interfaces with multiple VLANs:
|
Service/function |
Purpose |
Interface |
VLAN |
|
SSH |
Host management |
eth0 |
10 |
|
APIs |
Access to OpenStack APIs |
eth0 |
15 |
|
Overlay network |
Used to tunnel overlay (VXLAN, GRE, GENEVE) traffic between hosts |
eth1 |
20 |
|
Guest/external network(s) |
Used to provide access to external cloud resources and for VLAN-based project networks |
eth1 |
Multiple |