Cable: A Unified Virtual Network Architecture for OpenStack and Kubernetes

In OpenStack architecture, Neutron manages virtual machine networking, while Kubernetes provides its own network modules like Flannel and Calico. Maintaining separate network systems for OpenStack and Kubernetes increases management overhead and hinders VM‑container network interoperability. To address this, the virtual network working group has created a unified virtual network architecture called Cable.

The current virtual network setup suffers from three main issues: separate management of physical, VM, and container networks; centralized DHCP and metadata services in Neutron agents leading to robustness problems; and the complexity of VXLAN implementation requiring external routers.

Cable aims to provide unified management of physical, VM, and container networks with direct inter‑connectivity, simplify the Neutron agent by adopting a distributed architecture for DHCP and metadata, implement VXLAN at the virtual network layer, and add new features such as traffic mirroring.

Key Implementation Points

1. Virtual Data Plane : Replaces OVS with the more capable virtual router vrouter.ko , an open‑source data module from Juniper’s OpenContrail. Unlike OVS’s simple packet forwarding, vrouter.ko supports virtual network routing, VXLAN, flow‑based security groups, NAT/SNAT, and traffic mirroring, simplifying network function development.

2. Self‑Developed Management Plane : A new management plane uniformly controls OpenStack and Kubernetes network modules, uses Kubernetes watch mechanisms to monitor resource changes, implements distributed DHCP, and leverages vrouter.ko flow capabilities for NAT and security groups.

3. Cable Workflow : When a user request reaches the Neutron Server, the Contrail Neutron Plugin forwards it to Cable’s Control Node. The Control Node proxies the request to the API, which dispatches it to appropriate modules (controller for computation, IPAM for address management). Each compute node runs a Cable agent that listens to the Control Node via REST API and invokes vrouter.ko to add, delete, or modify network resources.

OpenStack Compatibility

Cable maintains the original Neutron interfaces, replaces Neutron’s database with etcd, and consolidates DHCP‑agent, metadata‑agent, and L3‑agent into a unified cable‑agent. Consequently, OpenStack command‑line tools and RESTful APIs remain unchanged, enabling seamless migration and easier operations.

Conclusion

The new Cable architecture integrates diverse network planes, simplifies network function modules, and enhances robustness. The core components—virtual data plane, self‑developed management plane, and workflow—are largely completed, delivering DHCP, metadata, and VLAN networking, with future work targeting security groups, VXLAN, automated deployment, and comprehensive monitoring.