Number of GRE tunnels in DVR

asked 2015-05-28 22:53:02 -0500

I have two node setup with DVR enabled with Juno and Neutron+OVS. One of them is a controller and the other is compute node. When I create one VM, I see there are two GRE tunnels created on the compute node1. I can also see that outgoing traffic from VMs (with vlan_vid=1) is being sent to both GRE tunnels set_tunnel:0x1,output:3,output:2. Is it expected?

Here is the output from my compute node

$ sudo ovs-ofctl dump-flows br-tun
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=6424.156s, table=3, n_packets=7, n_bytes=1698, idle_age=6231, priority=1,tun_id=0x1 actions=mod_vlan_vid:1,resubmit(,10)
 cookie=0x0, duration=6424.251s, table=22, n_packets=60, n_bytes=4236, idle_age=6179, dl_vlan=1 actions=strip_vlan,set_tunnel:0x1,output:3,output:2

$ sudo ovs-ofctl show br-tun
OFPT_FEATURES_REPLY (xid=0x2): dpid:00008ec83b81c549
n_tables:254, n_buffers:256
 1(patch-int): addr:b2:37:03:bd:0a:13
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 2(gre-0a0a0301): addr:5a:80:9e:17:d2:91
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 3(gre-0a0a0302): addr:b6:e0:c1:cc:1e:23
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br-tun): addr:8e:c8:3b:81:c5:49
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

When I read OpenStack community recommended tutorials (by (Kimizhang) and (RDO)), it seems to be wrong, i.e., there should be only one GRE tunnel per VLAN. Also, is there a way to find the other end of the GRE tunnels? I can't tell where does these tunnels gre-0a0a0301 and gre-0a0a0302 connect to.



Later addition: I've figured out a way to debug GRE tunnels. Use following command to get IP address endpoints of the tunnels. Run it in each host machine.

user@host:~$ sudo ovs-vsctl show
Bridge br-tun
   Port "gre-0a0a0301"
       Interface "gre-0a0a0301"
           type: gre
           options: {df_default="true", in_key=flow, local_ip="", out_key=flow, remote_ip=""}
   Port br-tun
       Interface br-tun
           type: internal
   Port "gre-0a0a0302"
       Interface "gre-0a0a0302"
           type: gre
           options: {df_default="true", in_key=flow, local_ip="", out_key=flow, remote_ip=""}
   Port patch-int
       Interface patch-int
           type: patch
           options: {peer=patch-tun}
3 answers

answered 2015-05-29 00:17:07 -0500

It's not expected just one GRE tunnel should be enough. See details ( similar configuration to yours ) here
Creating VM shouldn't create GRE tunnel, GRE tunnels are setup during original system deployment.
GRE tunnels are created per each Compute Node connected to Controller&&Network Node ( your config ).

answered 2015-05-30 06:19:24 -0500

I'm just wondering if this is the effect of using only one compute node? the guide for DVR suggests a minimum of two compute nodes.

No, it is not because of number of compute nodes. It is because of neutron service running on another machine. I moved neutron service from controller to another machine, such that there is 1 compute node, 1 controller node (without neutron) and 1 machine with only neutron service.

answered 2015-05-31 02:11:10 -0500

updated 2015-05-31 02:14:07 -0500


please do check that have you given management IP and Tunnel IP as in a single network. ovs-vsctl show command can put some better light on the OVS_Bridge.

And tunneling is done only during initial configuration. dont bother about tunneling during instance creation as it is an internal process.

check this link, hope this may help you

