Ask Your Question
0

Has anyone gotten multiple external gateways to work for flat/vlan networks and openvswitch?

asked 2015-10-04 00:13:05 -0600

penghon gravatar image

updated 2015-10-04 00:13:47 -0600

Based on http://blog.oddbit.com/2014/05/28/multiple-external-networks-wit/ (http://blog.oddbit.com/2014/05/28/mul...) it would appear that you can achieve something like the following:

            +                              
            |  +---------+   +---------------------+
            +--+ router1 +---+  external1/gateway1 |
+---------+ |  +---------+   +---------------------+
| private +-+                              
+---------+ |                              
            |  +---------+   +---------------------+
            +--+ router2 +---+ external2/gateway2  |
            |  +---------+   +---------------------+

+

I have not been able to get the above to work and would like to ask if anyone has ever gotten such a configuration to work in their Juno/Kilo opentstack deployment.

[root@clarion ~(keystone_admin)]# ovs-vsctl show
a74b8d71-bdec-475d-9462-0ba733383bfc
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
        Port "eth1"
            Interface "eth1"
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "qg-88797849-5f "
            tag: 1
            Interface "qg-88797849-5f "
                type: internal
        Port "int-br-ex2"
            Interface "int-br-ex2"
                type: patch
                options: {peer="phy-br-ex2"}
    Bridge "br-ex2"
        Port "br-ex2"
            Interface "br-ex2"
                type: internal
        Port "phy-br-ex2"
            Interface "phy-br-ex2"
                type: patch
                options: {peer="int-br-ex2"}
        Port "eth2"
            Interface "eth2"
    ovs_version: "2.3.1"

[root@clarion ~]# grep -iRE "br-ex|physnet|external_network_bridge|gateway_external_network_id" /etc/neutron/* | grep -v "#"
/etc/neutron/l3_agent.ini:gateway_external_network_id =
/etc/neutron/l3_agent.ini:external_network_bridge =
/etc/neutron/plugin.ini:network_vlan_ranges =physnet1:1:100,physnet2:101:200
/etc/neutron/plugins/ml2/ml2_conf.ini:network_vlan_ranges =physnet1:1:100,physnet2:101:200
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini:bridge_mappings =physnet1:br-ex,physnet2:br-ex2

The odd behaviour seen is that the qg interface of the router is attached to br-int as shown in the above ovs-vsctl show command.

I have tested on Juno and kilo, wiped out the config and reconfig, create/recreate network/router/subnet via GUI and CLI and nothing works.

Any advice/guidance would be greatly appreciated.

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2015-11-01 23:33:47 -0600

penghon gravatar image

I found out that the problem is with my understanding. Assumption: Multiple gateways (routers created via openstack) can be used for a single instance that has more than one interface tagged to a separate external gateway.

What I found out: You no longer can configure openstack routers if you use multiple external vlan. The keypoint which I missed out from http://blog.oddbit.com/2014/05/28/multiple-external-networks-wit/ (http://blog.oddbit.com/2014/05/28/mul...) is "This assumes that eth1 is connected to a network using 10.1.0.0/24 and eth2 is connected to a network using 10.2.0.0/24, and that each network has a gateway sitting at the corresponding .1 address."

From my setup:

    [root@diminishingreturns (keystone_user1)]# ovs-vsctl show
    59ed8124-67f7-4da5-b4ec-177c12f4dcc5
        Bridge "br-ex2"
            Port "eth2"
                Interface "eth2"
            Port "phy-br-ex2"
                Interface "phy-br-ex2"
                    type: patch
                    options: {peer="int-br-ex2"}
            Port "br-ex2"
                Interface "br-ex2"
                    type: internal
        Bridge br-int
            fail_mode: secure
            Port "int-br-ex2"
                Interface "int-br-ex2"
                    type: patch
                    options: {peer="phy-br-ex2"}
            Port "qvo37461431-48"
                tag: 1
                Interface "qvo37461431-48"
            Port "qvoec757be8-b1"
                tag: 1
                Interface "qvoec757be8-b1"
            Port br-int
                Interface br-int
                    type: internal
            Port int-br-ex
                Interface int-br-ex
                    type: patch
                    options: {peer=phy-br-ex}
            Port "qvob5290ebb-d3"
                tag: 3
                Interface "qvob5290ebb-d3"
        Bridge br-ex
            Port br-ex
                Interface br-ex
                    type: internal
            Port phy-br-ex
                Interface phy-br-ex
                    type: patch
                    options: {peer=int-br-ex}
            Port "eth1"
                Interface "eth1"
        ovs_version: "2.3.1"

[root@diminishingreturns cinder(keystone_user1)]# ovs-ofctl show br-int
OFPT_FEATURES_REPLY (xid=0x2): dpid:00001e68565d0d43
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE
 16(int-br-ex2): addr:86:e4:99:88:e3:8e
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 17(int-br-ex): addr:22:81:34:97:cb:b7
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 18(qvo37461431-48): addr:4a:a6:6a:ac:b3:e3
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 20(qvoec757be8-b1): addr:fa:1a:ea:be:92:6a
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 21(qvob5290ebb-d3): addr:6e:b1:53:4d:16:1f
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 LOCAL(br-int): addr:1e:68:56:5d:0d:43
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
[root@diminishingreturns cinder(keystone_user1)]# ovs-ofctl dump-flows br-int
NXST_FLOW reply (xid=0x4):
  cookie=0x0, duration=12124.902s, table=0, n_packets=409, n_bytes=39452, idle_age=1, priority=1 actions=NORMAL
  cookie=0x0, duration=12124.320s, table=0, n_packets=9, n_bytes=576, idle_age=1596, priority=2,in_port=16 actions=drop
  cookie=0x0, duration=12123.718s, table=0, n_packets=9, n_bytes=576, idle_age=1596, priority=2,in_port=17 actions=drop
  cookie=0x0, duration=801.740s, table=0, n_packets=334, n_bytes=31700, idle_age=1, priority=3,in_port=16,vlan_tci=0x0000 actions=mod_vlan_vid:3,NORMAL
  cookie=0x0, duration=1492.361s, table=0, n_packets=27, n_bytes=2212, idle_age=312, priority=3,in_port=17,vlan_tci=0x0000 actions=mod_vlan_vid ...
(more)
edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-10-04 00:13:05 -0600

Seen: 699 times

Last updated: Nov 01 '15

Related questions

How to enable SNAT after disable it

neutron-plugin-openvswitch-agent cant be started on compute node

Instance fails to spawn with nic on provider network - binding:vif_type binding_failed

Openstack Security Group - default Rules

How do you find what is using a security group of a deleted tenant?

Juno dashboard 403 forbidden

Neutron Port Create

Dhcp and metadata not working

Neutron with two external network attach floating ip to wrong router namespace

ip netns - iptables