multiple vlan tenant networks?

asked 2017-05-04 08:58:05 -0500

vlad-belogrudov gravatar image

updated 2017-05-05 06:02:16 -0500


I wonder if it is possible to use multiple network interfaces / bridge mappings for VLAN tenants. Also in case of 1 VLAN network for tenant how does neutron differentiate it from external VLAN mapping? User interface does not allow to specify network mapping.

Example: 2 external vlan interfaces and 2 tenant ones. In this case my configuration would be:

network_vlan_ranges = provider0,provider1,vlan2:200:299,vlan3:300:399

bridge_mappings = provider0:br-ext0,provider1:br-ext1,vlan2:br-vlan2,vlan3:br-vlan3

How can neutron decide on choosing correct vlan mapping for tenant? Will it pick provider0 if normal user creates a network?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2017-05-05 04:12:03 -0500

Are you connecting your instances to provider networks or tenant networks? Both can be of type VLAN.

Provider case

You can have multiple VLAN-type provider networks. You configure them in the agent configuration file, for LinuxBridge you would specifiy

physical_interface_mappings = provider0:vlan123,provider1:vlan124,provider2:vlan125

This example assumes that your network infrastructure has three VLANs with IDs 123, 124 and 125, and that you have corresponding network interfaces on the hosts that connect to the external network.

As admin, you then create three external networks with

openstack network create .... --provider-physical-network provider0 ... ext-net0
openstack network create .... --provider-physical-network provider1 ... ext-net1
openstack network create .... --provider-physical-network provider2 ... ext-net2

Then, when launching your instance, you specify two or more --nic options that connect it to ext-net0, ext-net1 or ext-net2

Tenant NW case

The admin configures VLAN as the first tenant network type and provides a VLAN ID range. When a normal user creates a network, Neutron assigns the next free VLAN ID; the user has no control over this. As admin, you can use the --provider-segment option to specify a VLAN ID (same for VXLAN, GRE or Geneve tunnel ID if the network has a tunnel type).

edit flag offensive delete link more


Thanks Bernd! I have 2 tenant interfaces eth2,3. eth0,1 are for provider. I use ovs and my config is:

[ml2_type_vlan] network_vlan_ranges = provider0,provider1,vlan2:200:299,vlan3:300:399

[ovs] bridge_mappings = provider0:br-ext0,provider1:br-ext1:vlan2:br-vlan2,vlan3:br-vlan3

vlad-belogrudov gravatar imagevlad-belogrudov ( 2017-05-05 04:53:00 -0500 )edit

So, anything wrong with that? I do see a syntax error:


There should be a comma between ext1 and vlan2.

Bernd Bausch gravatar imageBernd Bausch ( 2017-05-05 05:37:12 -0500 )edit

thanks, yes

vlad-belogrudov gravatar imagevlad-belogrudov ( 2017-05-05 06:02:34 -0500 )edit

Hi Bernd,

Will it work if I create one tenant network with VXLAN and another one with GRE ? What should be changed in ml2_conf.ini ?

nahian gravatar imagenahian ( 2018-05-04 08:04:00 -0500 )edit

You need to configure both GRE and VXLAN type drivers and tenant network types. See the configuration docu and the NW guide.

Bernd Bausch gravatar imageBernd Bausch ( 2018-05-04 08:51:49 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2017-05-04 08:58:05 -0500

Seen: 1,206 times

Last updated: May 05 '17