Ask Your Question
0

Can Neutron forward vlan tagged packets from an instance?

asked 2014-11-11 14:56:38 -0500

nakul gravatar image

updated 2014-11-13 13:42:56 -0500

darragh-oreilly gravatar image

Can i send a native vlan tagged packet over the openstack network which is also vlan network. Will it be a packet with 2 vlan tags or openstack will drop this packet?

edit retag flag offensive close merge delete
add a comment

2 answers

Sort by ยป oldest newest most voted
1

answered 2014-11-11 19:46:54 -0500

SamYaple gravatar image

I am a bit confused here.

A "native vlan" is simply the vlan that carries the untagged traffic. If you are tagging it with the same tag as what the ports native vlan is configured for you are treating the "native vlan" like any other vlan. The client shouldn't know anything about the native vlan.

You can't currently send tagged vlan packets through neutron, at least you can't with OVS. See the relevant code here, OVS is stripping the vlan off the packet before tagging it its own way.

My guess is the linuxbridge plugin works the same way, but I am not positive on that.

What is your overall end goal here?

edit flag offensive delete link more

Comments

Sorry if my question was confusing. My goal here was that the vm is generation vlan tagged packets ( not the neutron) . can I send this vlan tagged packets out?

nakul gravatar imagenakul ( 2014-11-11 20:02:23 -0500 )edit

No you can't. OVS automatically strips the tags (see code snippet above). I believe linuxbridge does as well, you'll have to check.

SamYaple gravatar imageSamYaple ( 2014-11-11 21:45:55 -0500 )edit
add a comment
1

answered 2014-11-13 13:37:33 -0500

darragh-oreilly gravatar image

updated 2014-11-13 13:46:31 -0500

Yes - with the ML2 plugin and LinuxBridge mechanism driver/agent, this should work. If the Neutron provider network is type VLAN, then the packet will have 2 tags back-to-back (stacked VLANs) when put on the physical switch port, and the switch must support Q-in-Q.

The OVS agent uses VLANs internally to isolate Neutron networks locally. It configures a VLAN for each Neutron network that the node needs to support. This means instances are connected to access ports and OVS will not pass tagged packets it receieves from them - I don't know does if it strips the tags or drops the packet. This blueprint proposal is about adding support for packets tagged on the instance when using the OVS agent.

edit flag offensive delete link more

Comments

I see that the intergration bridge drops the vlan tagged packets. Do I need to do any configuration to support this?

nakul gravatar imagenakul ( 2014-11-13 14:14:42 -0500 )edit

The bridge named br-int is specific to the Neutron OVS agent, and what you want is not possible with it. My advice is to look into using the LinuxBridge agent and flat network(s) instead.

darragh-oreilly gravatar imagedarragh-oreilly ( 2014-11-15 01:58:44 -0500 )edit

Also - the ofagent (which uses ovs) can handle tagged packets to instances.

darragh-oreilly gravatar imagedarragh-oreilly ( 2015-07-03 00:53:48 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-11-11 14:56:38 -0500

Seen: 1,700 times

Last updated: Nov 13 '14

Related questions

what is provider:physical_network?

Multiple Provider VLAN network with one physical interface

OpenStack Fuel 6.0 Community - problem with HA deployment (probably floating IP issue)

Do we effectively still have 4K VLAN limit with VXLAN?

convert netron external network from flat to vlan

vlan translation in Quantum

port on openvswitch not tagged upon VM launch

What are the current limits for the number of tenants networks for VLAN and GRE in Neutron?

[Resolved]No output packets from OVS

Can users sniff each other's packets and perform man in the middle attacks?