Ask Your Question
0

Self service and Provider Networks in parallel

asked 2018-12-18 06:59:47 -0500

themis_anagno gravatar image

Hello, in the neutron deployment there are two options, self service and provider networks. Is it possible to use both configurations, connecting some instances on a provider network with a public IP and some instances on a self service network, behind a vrouter?

edit retag flag offensive close merge delete

4 answers

Sort by ยป oldest newest most voted
0

answered 2018-12-19 06:18:39 -0500

themis_anagno gravatar image

I had some errors with the configuration, that's why I couldn't make it work. I followed this neutron https://docs.openstack.org/neutron/queens/admin/deploy-ovs-selfservice.html (guide) for deploying self-service networks with the neutron-openvswitch-agent.

But you have to add the parameter bridge_mappings = provider:br-provider under the [ovs] section in the /etc/neutron/plugins/openvswitch_agent.ini file in order for the instances to be able to connect directly on the provider network.

edit flag offensive delete link more
1

answered 2018-12-19 04:23:13 -0500

Yes, it is possible and in some scenarios even desirable. We're running a setup like this in production without any problems so far (that would be caused by the setup itself, that is).

The virtual network (vxlan/gre) is great for dynamic customer-side provisioning, because you don't have to configure a new VLAN across your network infrastructure each time a new Neutron network is created. The physical/provider network on the other hand, is more reliable performance- and management-wise.

edit flag offensive delete link more

Comments

Thanks for the response! I just deployed the same configuration for my environment as well, using the self service networks as a general networking solution for each project, and provider/external network for some specific networking services that cannot bare the tunneling overhead.

themis_anagno gravatar imagethemis_anagno ( 2018-12-19 06:04:06 -0500 )edit
1

answered 2018-12-18 13:44:09 -0500

reynoni gravatar image

It is possible, but it is not necessary, you can give floating public IPs from a self-service network, you can also do NAT from your router to allow traffic to pass to particular systems from reaching out to a public IP.

Stacking this technology even higher and adding layers like this will inevitably make your systems harder to manage and harder to maintain. Talking to my networking guy, he agrees that while it is probably possible, its like driving a car with your feet, sure you can do it, but why?

Use the one that does everything you need and choose a self-service network.

edit flag offensive delete link more

Comments

Thanks for the response! The reason to have both networking solutions is that self service networks, although they are necessary for project users in order to create their own networks, they add some overhead to each packet because of the tunnel protocols, and that causes problem for some services.

themis_anagno gravatar imagethemis_anagno ( 2018-12-19 06:00:48 -0500 )edit
1

answered 2018-12-18 10:42:10 -0500

novainfinite gravatar image

yes . absolutely you can self service is more complicated but it can be high available provider is more stable

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2018-12-18 06:59:47 -0500

Seen: 230 times

Last updated: Dec 19 '18