Ask Your Question
0

Number of GRE tunnels in DVR

asked 2015-05-28 22:53:02 -0600

Nodir gravatar image

updated 2015-05-30 22:37:26 -0600

Hello,

I have two node setup with DVR enabled with Juno and Neutron+OVS. One of them is a controller and the other is compute node. When I create one VM, I see there are two GRE tunnels created on the compute node1. I can also see that outgoing traffic from VMs (with vlan_vid=1) is being sent to both GRE tunnels set_tunnel:0x1,output:3,output:2. Is it expected?

Here is the output from my compute node

$ sudo ovs-ofctl dump-flows br-tun
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=6424.156s, table=3, n_packets=7, n_bytes=1698, idle_age=6231, priority=1,tun_id=0x1 actions=mod_vlan_vid:1,resubmit(,10)
 cookie=0x0, duration=6424.251s, table=22, n_packets=60, n_bytes=4236, idle_age=6179, dl_vlan=1 actions=strip_vlan,set_tunnel:0x1,output:3,output:2

$ sudo ovs-ofctl show br-tun
OFPT_FEATURES_REPLY (xid=0x2): dpid:00008ec83b81c549
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE
 1(patch-int): addr:b2:37:03:bd:0a:13
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 2(gre-0a0a0301): addr:5a:80:9e:17:d2:91
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 3(gre-0a0a0302): addr:b6:e0:c1:cc:1e:23
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br-tun): addr:8e:c8:3b:81:c5:49
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

When I read OpenStack community recommended tutorials (by https://kimizhang.wordpress.com/2014/11/25/building-redundant-and-distributed-l3-network-in-juno/ (Kimizhang) and https://www.rdoproject.org/Networking_in_too_much_detail (RDO)), it seems to be wrong, i.e., there should be only one GRE tunnel per VLAN. Also, is there a way to find the other end of the GRE tunnels? I can't tell where does these tunnels gre-0a0a0301 and gre-0a0a0302 connect to.

Thanks,

Nodir

Later addition: I've figured out a way to debug GRE tunnels. Use following command to get IP address endpoints of the tunnels. Run it in each host machine.

user@host:~$ sudo ovs-vsctl show
Bridge br-tun
   Port "gre-0a0a0301"
       Interface "gre-0a0a0301"
           type: gre
           options: {df_default="true", in_key=flow, local_ip="10.0.0.4", out_key=flow, remote_ip="10.0.0.1"}
   Port br-tun
       Interface br-tun
           type: internal
   Port "gre-0a0a0302"
       Interface "gre-0a0a0302"
           type: gre
           options: {df_default="true", in_key=flow, local_ip="10.0.0.4", out_key=flow, remote_ip="10.0.0.2"}
   Port patch-int
       Interface patch-int
           type: patch
           options: {peer=patch-tun}
edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted
1

answered 2015-05-29 00:17:07 -0600

dbaxps gravatar image

updated 2015-05-29 04:00:57 -0600

It's not expected just one GRE tunnel should be enough. See details ( similar configuration to yours ) here
http://schmaustech.blogspot.com/2014/...
Creating VM shouldn't create GRE tunnel, GRE tunnels are setup during original system deployment.
GRE tunnels are created per each Compute Node connected to Controller&&Network Node ( your config ).

edit flag offensive delete link more
0

answered 2015-05-30 06:19:24 -0600

paullaurence gravatar image

I'm just wondering if this is the effect of using only one compute node? the guide for DVR suggests a minimum of two compute nodes. http://docs.openstack.org/networking-...

edit flag offensive delete link more

Comments

No, it is not because of number of compute nodes. It is because of neutron service running on another machine. I moved neutron service from controller to another machine, such that there is 1 compute node, 1 controller node (without neutron) and 1 machine with only neutron service.

Nodir gravatar imageNodir ( 2015-05-30 21:55:19 -0600 )edit
0

answered 2015-05-31 02:11:10 -0600

updated 2015-05-31 02:14:07 -0600

hi,

please do check that have you given management IP and Tunnel IP as in a single network. ovs-vsctl show command can put some better light on the OVS_Bridge.

And tunneling is done only during initial configuration. dont bother about tunneling during instance creation as it is an internal process.

check this link, hope this may help you

https://blogs.oracle.com/ronen/entry/...

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-05-28 22:53:02 -0600

Seen: 608 times

Last updated: May 31 '15