Ask Your Question
0

Why In Openstack Neutron with 'GRE' configured, two saparete OVS bridges ('br_tun' and 'br_int') are used rather than using a single OVS bridge?

asked 2014-06-09 23:39:57 -0600

swarvanusg gravatar image

updated 2014-06-10 00:21:01 -0600

Hi.
I want to know why two OVS bridges, the 'br_tun' and the 'br_int' is used, rather than a single OVS Bridge.
I know in current design how the both bridges works. But I'm not sure why they are different? I've been searching in internet for a manual Virtual - Private -Segregated tenant based network setup. 

http://trickycloud.wordpress.com/2014/05/02/multiple-private-networks-with-open-vswitch-gre-tunnels-and-libvirt/

In the above link, there is a 'br_eth0' is used. Can anyone please describe me the significance/reason of the Bridge. Is this the reason is same for having two different bridges, 'br_tun' and 'br_int' ?

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
3

answered 2014-06-10 14:21:18 -0600

timoteoverde gravatar image

If you take a close look at these two bridges (ovs-vsctl show), you'll see that they are connected to each other using a 'virtual' patch port. The reason why both exist (and are virtually connected) becomes clearer when you dump the openflow table on one of the hypervisors (ovs-ofctl dump-flows br-tun). Depending on the number of VM's you are running on this compute host, there will be corresponding openflow rules to translate VLAN ID's to GRE tunnels. This would look something like:

cookie=0x0, duration=422.357s, table=0, n_packets=82, n_bytes=10443, idle_age=31, priority=4,in_port=1,dl_vlan=1 actions=set_tunnel:0x2,NORMAL

For return traffic, you'll see another openflow rule that ensures that the GRE to br-int (local) VLAN mapping can be performed as well. The patch cable is again used to ensure the now VLAN tagged traffic arrives back at the guest. The following OpenFlow entry ensures that ingress traffic with the specified destination MAC will get tagged with VLAN 1 before getting patched to br-int.

 cookie=0x0, duration=421.948s, table=0, n_packets=64, n_bytes=8337, idle_age=31, priority=3,tun_id=0x2,dl_dst=fa:16:3e:dd:c1:62 actions=mod_vlan_vid:1,NORMAL

For further information, check out this excellent document (my examples came from here):

http://openstack.redhat.com/Networking_in_too_much_detail (http://openstack.redhat.com/Networkin...)

And for further details on ovs patch ports:

http://blog.scottlowe.org/2012/11/27/connecting-ovs-bridges-with-patch-ports/ (http://blog.scottlowe.org/2012/11/27/...)

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-06-09 23:39:57 -0600

Seen: 413 times

Last updated: Jun 10 '14

Related questions

Instances not reachable from outside

OpenStack-Anisble and OVS

How do I modify the IP pool?

Cant access my instance (ping/ssh)

load balancer rdp

Security Group Problem: GRE

Unable to get DHCP lease in Juno

neutron 503 Service Unavailable

Connection to neutron failed: Maximum attempts reached

How does OVS GRE tunnel port get network package?