Ask Your Question
0

why is it that in neutron, there is a qdhcp namespace created for a dhcp enabled network, but , no namespace created for a dhcp disabled network ?

asked 2020-02-24 07:53:46 -0500

ygk gravatar image

How is the network isolation across tenants achieved if there is no qdhcp namespace created for non-dhcp networks ?

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
0

answered 2020-02-26 02:17:59 -0500

Basically, network isolation is achieved differently for different backends. For most popular one, which is openvswitch-agent, it uses "local vlan tags", which are configured as tags on ports in br-int. Each network has got allocated own tag on the node (it can be compute node or controller node, ports are treated in the same way by ovs-agent always). Those tags are later "translated" to some tunnel network (like vxlan) or provider network (e.g. vlan) depends on network type.

Namespace with prefix "qdhcp-" is used only to run dnsmasq process (and haproxy for metadata in isolated networks sometimes) to provide dhcp service to the VMs. If You have disabled dhcp for all subnets in the network, than this namespace is not needed for such network.

Namespaces with prefix "qrouter-" are used for routers and in those namespaces there are router ports from networks connected to the router. There may be also e.g. keepalived process run in such namespace for HA routers.

There are also namespaces with prefixes like "snat-" and "fip-" which are used by DVR routers, together with "qrouter-" namespace.

edit flag offensive delete link more
0

answered 2020-02-24 08:29:09 -0500

updated 2020-02-24 18:10:36 -0500

Network isolation is achieved with the ML2 type driver (assuming that ML2 is the core plugin). Either VLANs or one of the tunnel technologies GRE, VXLAN or Geneve.

DHCP namespaces don't separate tenant networks. Their purpose is to have several network interfaces with identical IP addresses on the same controller.

edit flag offensive delete link more

Comments

Hi, Thanks for the response.

But how does neutron achieve multiple network interfaces on the same controller in case of static subnet networks(non-dhcp networks) without a network namespace ?

ygk gravatar imageygk ( 2020-02-25 03:54:04 -0500 )edit

As far as I know the only other network interfaces, besides the ones required for DHCP, are for routing and floating IPs. For that, we have router namespaces.

Bernd Bausch gravatar imageBernd Bausch ( 2020-02-25 04:30:35 -0500 )edit

So, u mean to say that for non-dhcp(static) tenant networks, no namespaces will be created ?

ygk gravatar imageygk ( 2020-02-25 05:45:53 -0500 )edit

Yes, exactly. DHCP namespaces exist because DHCP servers might have identical IP addresses. Namespaces protect them from each other. No DHCP server, no need for a DHCP namespace.

There will be router namespaces for routers, though.

Bernd Bausch gravatar imageBernd Bausch ( 2020-02-25 08:06:24 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2020-02-24 07:53:46 -0500

Seen: 98 times

Last updated: Feb 26