how l2 agent binds the ip to the vm?

asked 2017-07-11 10:51:30 -0600

br gravatar image

I was going through the following link to understand the vm instantiation flow with respect to neutron: I have the doubt at step 9. and step 9 says "Step9: A similar RPC notification is also provided to the L2 Agent residing on the same compute node the VM was created. From now onwards this L2 agent will take over."

As per the above statement, L2 agent will get notify from neutron server about new port and L2 agent will bind this port to the newly created instance.

But in another blog I found the following diagram, which says L2 agent continuously scans about newly created instances, and when it found new instance, it will get the details from neutron. image description

Could some one please clarify, L2 agent involvement in Vm instantiation.

edit retag flag offensive close merge delete


I researched that a few months ago (Mitaka) and believe that the diagram is correct for ML2: The agent on the compute node discovers the plugged VIF, then contacts the neutron server via RPC for info, which it uses to configure the OVS or Linux bridge or whatever other structure it oversees.

Bernd Bausch gravatar imageBernd Bausch ( 2017-07-11 20:07:17 -0600 )edit

Now, do other core plugins or other ML2 mechanism drivers use the same approach? I don't know.

Bernd Bausch gravatar imageBernd Bausch ( 2017-07-11 20:08:02 -0600 )edit

1 answer

Sort by » oldest newest most voted

answered 2017-07-12 03:23:31 -0600

dbaxps gravatar image

updated 2017-07-12 03:30:40 -0600

Using field as comment . Per Arie Bregman blog

L2 Agent functionality
Its main responsibility is to wire new devices (TAP interfaces created by Nova) 
and to configure the software bridges on the compute nodes. There are usually 
two bridges: br-int and br-tun.
br-int is the integration bridge. It’s the bridge that takes care of tagging & untagging 
the traffic which coming in or out of the VMs. To tag the traffic, it uses local vlan id 
and assign it to the network.
br-tun is the tunneling bridge. It takes care of translating the tagged traffic. 
It translates the vlan id into segmentation and using it then for tunneling. 
If for example you use GRE tunnels, the segmentation id is used to specify the tunnel id.
The L2 agent is also responsible for applying security group rules 
(firewall rules) which implemented in neutron by using iptables and ip sets.
L2 constantly communicates with neutron-server using RPC.

image description

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2017-07-11 10:51:30 -0600

Seen: 133 times

Last updated: Jul 12 '17