Neutron and 2 VLANs

asked 2018-09-18 07:20:13 -0500 by full_moon

I have configured an OpenStack Queens cloud (CentOS) with:

Some nodes:

  cat /etc/neutron/neutron.conf
  [DEFAULT]
  auth_strategy = keystone
  transport_url = rabbit://openstack:PASS@controller
  [agent]
  [cors]
  [database]
  [keystone_authtoken]
  auth_uri = http://controller:5000
  auth_url = http://controller:35357
  memcached_servers = controller:11211
  auth_type = password
  project_domain_name = default
  user_domain_name = default
  project_name = service
  username = neutron
  password = pass
  [matchmaker_redis]
  [nova]
  [oslo_concurrency]
  lock_path = /var/lib/neutron/tmp
  [oslo_messaging_amqp]
  [oslo_messaging_kafka]
  [oslo_messaging_notifications]
  [oslo_messaging_rabbit]
  [oslo_messaging_zmq]
  [oslo_middleware]
  [oslo_policy]
  [quotas]
  [ssl]

  cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
  [DEFAULT]
  [agent]
  [linux_bridge]
  physical_interface_mappings = provider:em4
  [network_log]
  [securitygroup]
  enable_security_group = true
  firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
  [vxlan]
  enable_vxlan = false

Inside nova.conf:

  [neutron]
  url = http://controller:9696
  auth_url = http://controller:35357
  auth_type = password
  project_domain_name = default
  user_domain_name = default
  region_name = RegionOne
  project_name = service
  username = neutron
  password = PASS

One controller with this configuration:

# openstack network create --share --provider-physical-network provider \
                             --provider-network-type flat \
                             virtual_machines_provider1


# openstack subnet create --subnet-range MY_SUBNET_1_IPv4 \
                            --gateway MY_GW \
                            --network virtual_machines_provider1 \
                            --allocation-pool start=START_IP,end=END_IP \
                            --dns-nameserver DNS_IP \
                            public_v4_vms_provider

# openstack subnet create --subnet-range MY_SUBNET_1_IPv6 \
                            --gateway MY_GW_IPv6 --ip-version 6 \
                            --ipv6-address-mode slaac \
                            --network virtual_machines_provider1 \
                            --dns-nameserver MY_DNS_IPv6 \
                            public_v6_vms_provider1

# cat /etc/neutron/neutron.conf
  [DEFAULT]
  core_plugin = ml2
  service_plugins = router
  allow_overlapping_ips = true
  transport_url = rabbit://openstack:PASS@controller
  auth_strategy = keystone
  notify_nova_on_port_status_changes = true
  notify_nova_on_port_data_changes = true
  [agent]
  [cors]
  [database]
  connection = mysql+pymysql://neutron:PASS@controller/neutron
  [keystone_authtoken]
  auth_uri = http://controller:5000
  auth_url = http://controller:35357
  memcached_servers = controller:11211
  auth_type = password
  project_domain_name = default
  user_domain_name = default
  project_name = service
  username = neutron
  password = PASS
  [matchmaker_redis]
  [nova]
  auth_url = http://controller:35357
  auth_type = password
  project_domain_name = default
  user_domain_name = default
  region_name = RegionOne
  project_name = service
  username = nova
  password = PASS
  [oslo_concurrency]
  lock_path = /var/lib/neutron/tmp
  [oslo_messaging_amqp]
  [oslo_messaging_kafka]
  [oslo_messaging_notifications]
  [oslo_messaging_rabbit]
  [oslo_messaging_zmq]
  [oslo_middleware]
  [oslo_policy]
  [quotas]
  [ssl]

# cat /etc/neutron/l3_agent.ini
  [DEFAULT]
  interface_driver = linuxbridge
  [agent]
  [ovs]


# cat /etc/neutron/plugins/ml2/ml2_conf.ini
  [DEFAULT]
  [l2pop]
  [ml2]
  type_drivers = flat,vlan
  tenant_network_types = flat
  mechanism_drivers = linuxbridge
  extension_drivers = port_security
  [ml2_type_flat]
  flat_networks = provider
  [ml2_type_geneve]
  [ml2_type_gre]
  [ml2_type_vlan]
  [ml2_type_vxlan]
  [securitygroup]
  enable_ipset = true

# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
  [DEFAULT]
  [agent]
  [linux_bridge]
  physical_interface_mappings = provider:eno2
  [securitygroup]
  firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
  enable_security_group = true
  [vxlan]
  enable_vxlan = false

# cat /etc/neutron/dhcp_agent.ini
  [DEFAULT]
  interface_driver = linuxbridge
  dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
  enable_isolated_metadata = true
  [agent]
  [ovs]

And inside nova.conf:

  [neutron]
  url = http://controller:9696
  auth_url = http://controller:35357
  auth_type = password
  project_domain_name = default
  user_domain_name = default
  region_name = RegionOne
  project_name = service
  username = neutron
  password = PASS
  service_metadata_proxy = true
  metadata_proxy_shared_secret = SECRET

And one GW (not running OpenStack tools), which is a computer running iptables and forwarding traffic.

Everything is running fine.

Now, I have to add a second VLAN to OpenStack. Each node must have access to both of these VLANs. VMs on hosts should have access to one of these VLANs (chosen when creating the instance).

Could you tell me if it is possible to configure it with a computer outside the OpenStack infra to route traffic (as it works above with only one network)?

I have configured our Cisco switch, and each port connected to the nodes, controller and GW is in trunk mode allowing both of these VLANs:

Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 716,717

I have removed ... (more)

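A preflight check for the two-VLAN setup described in the question, written as an added example; it is not part of the original post and not Neutron's own code. It parses the two files that have to agree for a VLAN provider network to come up, the controller's ml2_conf.ini and a node's linuxbridge_agent.ini, and reports what would stop a network pinned to VLAN 716 or 717. The config fragments are constructed here (the physnet name `provider`, interface `em4` and VLAN IDs 716/717 come from the post; the `network_vlan_ranges = provider:716:717` line is the assumed addition the post's ml2_conf.ini does not yet have), and the function and helper names are the example's own.

```python
"""Check that controller ML2 config and a node's linuxbridge agent config agree
on a VLAN provider network. Added example, not code from the original post."""
import configparser
from typing import Dict, List, Tuple

# Constructed sample: ml2_conf.ini after adding VLAN ranges for the physnet.
# Physnet "provider" and VLANs 716/717 are taken from the post; the
# network_vlan_ranges line is the assumed change.
ML2_CONF_TWO_VLANS = """
[ml2]
type_drivers = flat,vlan
tenant_network_types = flat
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vlan]
network_vlan_ranges = provider:716:717
"""

# Constructed sample: the [ml2_type_vlan] section left empty, as in the post.
ML2_CONF_AS_POSTED = """
[ml2]
type_drivers = flat,vlan
tenant_network_types = flat
mechanism_drivers = linuxbridge
[ml2_type_flat]
flat_networks = provider
[ml2_type_vlan]
"""

# Constructed sample: one node's linuxbridge_agent.ini (interface from the post).
LB_AGENT_INI = """
[linux_bridge]
physical_interface_mappings = provider:em4
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
"""


def _load(text: str) -> configparser.ConfigParser:
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def vlan_ranges(ml2_text: str) -> Dict[str, List[Tuple[int, int]]]:
    """Parse network_vlan_ranges: 'physnet' or 'physnet:min:max', comma separated."""
    raw = _load(ml2_text).get("ml2_type_vlan", "network_vlan_ranges", fallback="")
    ranges: Dict[str, List[Tuple[int, int]]] = {}
    for entry in (e.strip() for e in raw.split(",")):
        if not entry:
            continue
        parts = entry.split(":")
        bucket = ranges.setdefault(parts[0], [])
        if len(parts) == 3:
            bucket.append((int(parts[1]), int(parts[2])))
    return ranges


def interface_mappings(agent_text: str) -> Dict[str, str]:
    """Parse physical_interface_mappings: 'physnet:iface', comma separated."""
    raw = _load(agent_text).get("linux_bridge", "physical_interface_mappings", fallback="")
    mapping: Dict[str, str] = {}
    for entry in (e.strip() for e in raw.split(",")):
        if entry:
            physnet, iface = entry.split(":", 1)
            mapping[physnet] = iface
    return mapping


def check_vlan_segment(ml2_text: str, agent_text: str, physnet: str, vlan_id: int) -> List[str]:
    """Reasons a VLAN network on (physnet, vlan_id) would not work on this node.
    An empty list means controller and node agree."""
    problems: List[str] = []
    drivers = [d.strip() for d in _load(ml2_text).get("ml2", "type_drivers", fallback="").split(",")]
    if "vlan" not in drivers:
        problems.append("[ml2] type_drivers does not include 'vlan'")
    if not 1 <= vlan_id <= 4094:
        problems.append(f"VLAN id {vlan_id} is outside 1..4094")
    # ML2 only requires the physnet to be listed; a pinned --provider-segment
    # may sit outside the min:max range, which only governs tenant allocation.
    if physnet not in vlan_ranges(ml2_text):
        problems.append(f"physnet '{physnet}' missing from [ml2_type_vlan] network_vlan_ranges")
    mapping = interface_mappings(agent_text)
    if physnet not in mapping:
        problems.append(f"agent has no physical_interface_mappings entry for '{physnet}'")
    elif "." in mapping[physnet]:
        # The agent creates iface.<vlan> itself; mapping a sub-interface would double-tag.
        problems.append(f"'{physnet}' maps to sub-interface '{mapping[physnet]}'; map the trunk interface")
    return problems


def tenant_allocatable(ml2_text: str, physnet: str, vlan_id: int) -> bool:
    """True if the VLAN lies inside a configured min:max range for the physnet."""
    return any(lo <= vlan_id <= hi for lo, hi in vlan_ranges(ml2_text).get(physnet, []))


def network_create_command(name: str, physnet: str, vlan_id: int) -> str:
    """The openstack CLI invocation that pins a provider network to one VLAN."""
    return (f"openstack network create --share --provider-physical-network {physnet} "
            f"--provider-network-type vlan --provider-segment {vlan_id} {name}")


if __name__ == "__main__":
    for vid in (716, 717):
        print(vid, check_vlan_segment(ML2_CONF_TWO_VLANS, LB_AGENT_INI, "provider", vid) or "ok")
        print(network_create_command(f"vlan{vid}", "provider", vid))
    print("as posted:", check_vlan_segment(ML2_CONF_AS_POSTED, LB_AGENT_INI, "provider", 716))
```

The check deliberately separates "physnet listed" from "VLAN inside the range": with `tenant_network_types = flat` nothing is ever allocated from the range, so listing the physnet alone (`network_vlan_ranges = provider`) would also let an admin pin 716 and 717 with `--provider-segment`. The agent side needs no change beyond what the post already has, because the linuxbridge agent creates the `em4.716` / `em4.717` sub-interfaces itself from the trunk interface it is mapped to.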