Learn why Private Cloud Director is the best VMware alternative

Download now
Platform9

Networking in Platform9 Private Cloud Director: Open, Flexible, and Powerful

By · · 7 min read

In this blog, you will learn about Platform9 Private Cloud Director (PCD) networking, focusing on open-source technologies like Neutron, OVN, and OVS. Discover how PCD compares to VMware networking solutions such as vSS, vDS, and NSX, which provide scalable, secure, and automated network infrastructure for private clouds.

Introduction

Modern applications and cloud environments demand agile, scalable, and secure networking. Software-Defined Networking (SDN) decouples network control from the physical hardware, enabling automation, flexibility, and policy-driven management. Platform9 Private Cloud Director (PCD) embraces this paradigm, offering a comprehensive SDN solution built upon robust, widely adopted open-source technologies like Neutron, Open Virtual Network (OVN), and Open vSwitch (OVS). This provides capabilities comparable to proprietary solutions like VMware NSX, but with the benefits of an open architecture.

Core networking architecture in PCD

Platform9 PCD’s networking architecture leverages key open-source components working together:

  1. Neutron: Serves as the primary networking API and control plane service. It provides the user-facing API for defining networks, subnets, routers, security policies (security groups), load balancers, and other networking constructs.
  2. Open Virtual Network (OVN): Acts as a powerful network virtualization control plane, translating the logical network configurations defined in Neutron into logical flows. OVN provides features like distributed virtual routing, distributed logical switches, ACLs (for security groups), and DHCP services. It simplifies network control by providing a higher-level abstraction over the physical and virtual switches.
  3. Open vSwitch (OVS): Functions as the data plane, running as a high-performance virtual switch on each KVM hypervisor host managed by PCD. OVS receives its forwarding rules (programmed as OpenFlow rules) primarily from OVN’s control plane. It forwards traffic between VMs on the same host, connects VMs to virtual networks (VLAN or overlay), and enforces security policies at the edge.

How OVN and OVS Work Together: Think of OVN as the “brain” and OVS as the “muscle.” OVN understands the high-level logical network design (who should connect to what, security rules, routing paths). It translates this logical design into specific, low-level OpenFlow rules. OVN then pushes these rules down to the OVS instances running on the relevant hypervisor hosts. Each OVS instance executes these rules, efficiently switching, routing, and filtering packets exactly as dictated by the logical network topology defined in OVN/Neutron.

Tenant networks within PCD can be implemented using traditional VLANs (mapping virtual networks to physical VLAN IDs) or modern overlay networks like VXLAN or GENEVE, managed efficiently by the OVN/OVS combination. Overlays encapsulate L2 traffic within L3 UDP packets, allowing virtual networks to span across different physical L2/L3 boundaries, offering greater scalability and flexibility.

Virtual Switching: The OVN/OVS foundation (Compared to vSS & vDS)

At the heart of PCD networking lies Open vSwitch (OVS) running on each hypervisor, intelligently controlled by OVN.

  • Basic Functionality (like vSS): At its most basic level, OVS on a host provides L2 connectivity for the VMs running on that specific host, similar to how a VMware Standard Switch (vSS) operates within the scope of a single ESXi host.
  • Centralized Management & Advanced Capabilities (like vDS): However, the crucial difference is that OVS instances across all hosts in a PCD cluster are centrally managed and orchestrated by Neutron via OVN. This centralized control model makes the overall system function much more like a VMware Distributed Switch (vDS), offering similar benefits:
    • Centralized Configuration: Neutron provides the API endpoint, while OVN translates these logical configurations into consistent rules applied across all OVS instances. This ensures consistency and simplifies management compared to configuring switches individually on each host (like vSS).
    • Consistent Feature Set: The OVN/OVS combination supports essential features like VLAN tagging, overlay networking (VXLAN/GENEVE), and provides the necessary data plane capabilities for advanced Neutron services (discussed below), mirroring the advantage of using a vDS over multiple vSS instances.
    • Scalability: The Neutron/OVN/OVS architecture is designed for scalability, managing networking for potentially hundreds or thousands of VMs across many hosts within the cluster, similar to the scalability goals of vDS.

While specific proprietary vDS features (like Network I/O Control or specific health checks) might have different implementations or names within the Neutron/OVN/OVS ecosystem, the core principle of a centrally managed, feature-rich, distributed virtual switch is fundamental to PCD networking, providing capabilities well beyond a basic vSS.

Logical networking services in PCD

Building upon the OVN/OVS foundation, Neutron (often leveraging OVN’s capabilities) provides a suite of SDN services:

  • Virtual Networks (Tenant Networks): Users create isolated Layer 2 networks via the Neutron API. OVN implements these as logical switches, connecting VMs within the same L2 domain using VLANs or overlay protocols.
  • Distributed Virtual Routing: Neutron defines virtual routers, and OVN implements this routing logic in a distributed manner directly within the OVS instances on hypervisors. This handles communication between different tenant networks (East-West traffic) and connectivity to external networks (North-South traffic) efficiently, conceptually similar to NSX’s Distributed Logical Router (DLR).
  • Distributed Firewalling (Security Groups): PCD implements firewalling using Neutron Security Groups. OVN translates these security group rules into efficient ACLs applied directly at the virtual network interface (port) of each VM within OVS. Administrators or users define rules specifying allowed inbound and outbound traffic based on protocol, port ranges, and source/destination. Traffic not explicitly allowed is denied by default. This provides powerful micro-segmentation capabilities, analogous to the functionality offered by VMware NSX Distributed Firewall (DFW).
  • Load Balancing (LBaaS): As detailed previously, PCD integrates Load Balancer as a Service (powered by Octavia with the OVN driver). OVN implements load balancing directly within the distributed router using OpenFlow rules programmed into OVS, eliminating the need for dedicated load balancer VMs.
  • DNS as a Service (DNSaaS): PCD may also offer integrated DNS services to simplify name resolution within the private cloud environment.

Benefits of Platform9 PCD networking

Platform9’s approach to networking offers several advantages:

  • Open Standards: Built on industry-standard, widely adopted open-source projects (Neutron, OVN, OVS), avoiding vendor lock-in.
  • Flexibility: Supports various underlying network technologies (VLANs, overlays) and integrates with diverse physical network hardware.
  • Efficiency: OVN’s architecture enables distributed implementation of routing, firewalling, and load balancing, often leading to better performance and scalability compared to centralized appliance models.
  • Automation: Fully programmable and automatable via standard Neutron APIs and tooling.
  • Integration: Seamlessly integrated with PCD’s compute (KVM/Nova) and storage (Cinder) management.
  • Cost-Effectiveness: Leverages powerful open-source software, potentially reducing licensing costs compared to proprietary SDN solutions.

Platform9 PCD vs. VMware Networking Comparison

This table provides a high-level comparison between the networking capabilities of Platform9 Private Cloud Director (PCD) and various VMware networking technologies.

FeaturePlatform9 PCD NetworkingVMware Networking (vSS / vDS / NSX)
Core Control PlanePrivate Cloud DirectorvCenter Server (for vDS), NSX Manager (for NSX)
Core Data PlaneOpen Virtual Network,  Open vSwitch (OVS) on KVM hosts (Open Source)vSphere Standard Switch (vSS), vSphere Distributed Switch (vDS), NSX Virtual Switch (based on vDS or OVS in some contexts) on ESXi hosts
Basic L2 SwitchingProvided by OVS on each host (Similar concept to vSS locality)vSphere Standard Switch (vSS) provides basic L2 switching per host.
Centralized L2 SwitchingOVS is centrally managed across the cluster (Functionally similar to vDS)vSphere Distributed Switch (vDS) provides centrally managed L2 switching across hosts via vCenter.
Network Segmentation (L2)Networks using VLANs or Overlays (VXLAN, GENEVE)VLANs (on vSS/vDS), Overlays (VXLAN/GENEVE via NSX Logical Switches)
Routing (L3)Neutron Virtual Routers (often Distributed Virtual Routing – DVR)Basic gateway on vSS/vDS; Advanced routing via NSX Distributed Logical Router (DLR) and Edge Services Gateways (ESG) / Tier-0/1 Routers
Firewalling / SecurityNeutron Security Groups (Distributed, stateful firewall at VM NIC) for micro-segmentationBasic port group ACLs (limited); NSX Distributed Firewall (DFW) for stateful micro-segmentation; NSX Edge Firewall for perimeter.
Load BalancingLBaaS (Open-source with OVN driver)NSX Load Balancer (integrated into NSX Edge / Tier-1 Gateways)
ManagementPlatform9 UI / Open-source API / CLIvSphere Client (for vSS/vDS), NSX Manager UI / API
AutomationHigh via standard Open-source Neutron APIHigh via vSphere API and NSX API
Underlying PhilosophyOpen standards-based (Open-source, OVS)Primarily VMware proprietary standards (though NSX-T has increased openness)
Vendor Lock-inMinimal due to open standardsHigher potential for lock-in with proprietary features

Key Takeaways:

  • Platform9 PCD leverages open-source components (Neutron, OVS) to deliver a full SDN stack.
  • While OVS runs per host like a vSS, its central management by Neutron gives it capabilities and operational characteristics much closer to a VMware vDS.
  • PCD provides core networking services (routing, firewalling via Security Groups, LBaaS) that are conceptually analogous to services offered within VMware NSX.
  • The primary difference lies in the underlying technology stack (Open-source vs. VMware proprietary) and the management interfaces.

This comparison should help clarify how Platform9 PCD networking relates to the familiar concepts within the VMware ecosystem.

Conclusion

Platform9 Private Cloud Director delivers a robust and flexible Software-Defined Networking solution grounded in open standards like Neutron, Open Virtual Network (OVN), and Open vSwitch. It provides advanced virtual switching capabilities with centralized management akin to VMware’s vDS, alongside efficient, distributed network services like routing, micro-segmentation via Security Groups, and load balancing powered by OVN. This powerful combination allows organizations to build scalable, secure, and automated network infrastructure for their private clouds, offering a compelling alternative to proprietary networking stacks.

Continue learning

Explore our eight learning modules and become a Private Cloud Director expert. 

Overview & Introduction 

Storage Basics 

Storage Provisioning

Ensuring Uptime

Kubernetes

Optimizing Workloads

LBaaS Networking Basics

Author

  • Chris Jones

    Chris Jones is the Head of Product Marketing at Platform9. He has previously held positions as an Account Executive and Director of Product Management. With over ten years of hands-on experience in the cloud-native infrastructure industry, Chris brings extensive expertise in observability and application performance management. He possesses deep technical knowledge of Kubernetes, OpenStack, and virtualization environments.

    View all posts

Subscribe now to receive similar posts

Meet Private Cloud Director

Easy-to-use software that turns your existing infrastructure into a full-featured private cloud.

Explore

Related Posts

Scroll to Top