Ask Your Question
0

How does traffic flow in OVS/VXLAN networks

asked 2018-05-21 18:05:35 -0500

codylab gravatar image

updated 2018-05-21 20:15:38 -0500

Assuming VM1 and VM2 are on the same VLAN but reside on two different compute nodes. Further assuming both compute nodes use the OVS driver and are connected via a VXLAN overlay network.

When VM1 sends a packet to VM2:

Q1: How does one compute node know the vxlan tunnel endpoint (VTEP) of another compute node which is hosting VM2, with or without L2 population driver?

Q2: Does every tenant network (VLAN) on the integration bridge (br-int) get a dedicated patch port to the tunnel bridge (br-tun) to send the VXLAN traffic?

Q3: Where does the VXLAN encapsulation take place? Does the entire process (striping VLAN id, adding VNI, adding outer IP) all happen on the tunnel bridge?

Extra Question: Since every tenant network is isolated via VLAN on the integration bridge, does that mean the maximum number of tenant networks is 4096 with OVS driver on a single compute node?

Thank you very much.

edit retag flag offensive close merge delete
add a comment

2 answers

Sort by ยป oldest newest most voted
0

answered 2018-05-22 01:25:52 -0500

yadidi gravatar image

  1. neutron knows which node each port is bounded in and establishes vxlan tunnel among the compute nodes via ovs vxlan type port with remote vtep ip designated

  2. no. one pair of path port is enough

  3. ovs flow table does it

  4. yes. but commonly 4096 is enough for one compute node even if each port bounded with the compute node has different vlan tag.

edit flag offensive delete link more
add a comment
0

answered 2018-05-22 03:26:36 -0500

theque42 gravatar image

updated 2018-05-22 03:29:28 -0500

Regarding Q1, the first packet would normally be an ARP broadcast, which would be flooded to all compute nodes, causing MAC-learning of the source on the way forwarding. The ARP-response would then cause MAC-learning for the original requested destination, and voila! :-)

With l2pop I dont know the actual details but since the whole idea is to pre-populate the FDB of the OVS, I have simply assumed that OVSDB or ovs-cli-tools are used to populate the FDB of each OVS on each compute node.

I cant find the reference now, but I think I've read somewhere that the OVS tag in bridges, is not a 802.1Q tag, meaning its 24..32 bits or something like that, and doesnt have the limitation of max ~4000 vlans.

edit flag offensive delete link more

Comments

Thanks very much! Based on this, I guess the integration bridge will intercept the ARP broadcast according to its OpenFlow rules and forward the tagged traffic to the tunnel bridge, which in turn strip the vlan tag and add VNI, then flood it out to the overlay network, assuming no L2 population.

codylab gravatar imagecodylab ( 2018-05-22 09:08:48 -0500 )edit
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2018-05-21 18:05:35 -0500

Seen: 1,313 times

Last updated: May 22 '18

Related questions

Launch VM fails on Compute when VXLAN ML2 type driver is used [closed]

kernel: vxlan: non-ECT from IP_ADDRESS with TOS=0x2

Do we effectively still have 4K VLAN limit with VXLAN?

How to connect 2 VM's via VXLAN ?

(Mitaka, SR-IOV) Possible to mix Flat and VXLAN nets on same VM?

vxlan between openstack node and mininet switch

Newton: Instances not getting IP address assigned when Firewall is on.

how to find the mapping between vxlan vni and openvswitch internal tag

How to remove vxlan tunnels after compute node removal

Neutron routing from isolated networks through a linux nat box