Ask Your Question
0

How does external network provider work (flat,vlan,gre) ?

asked 2015-11-24 15:20:38 -0600

I am not asking code in Python. Just manual or "howto" with explanation of core idea.
Why OVS bridging in this case seems to be so tricky ? I keep in mind recent patch
https://github.com/beekhof/osp-ha-dep...
for
https://github.com/beekhof/osp-ha-dep...
Section - Neutron configuration on Controllers.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
1

answered 2015-11-25 05:21:20 -0600

dbaxps gravatar image

Fist see bottom lines in post
http://www.linux.com/community/blogs/...
Then I intend follow Larsks ( who is the best tutor either he wants it to happen or doesn't) , i mean his work :-
http://blog.oddbit.com/2015/08/13/pro...

Connectivity between the qg-... interface and the appropriate external bridge (br-ex1 in this case) happens due to the VLAN tag assigned on egress by the qg-... interface and the following OpenFlow rules associated with br-ex1:

# ovs-ofctl dump-flows br-ex1
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=794.876s, table=0, n_packets=0, n_bytes=0, idle_age=794, priority=1 actions=NORMAL
 cookie=0x0, duration=785.833s, table=0, n_packets=0, n_bytes=0, idle_age=785, priority=4,in_port=3,dl_vlan=4 actions=strip_vlan,NORMAL
 cookie=0x0, duration=792.945s, table=0, n_packets=24, n_bytes=1896, idle_age=698, priority=2,in_port=3 actions=drop

Each of these rules contains some state information (like the packet/byte counts), some conditions (like priority=4,in_port=3,dl_vlan=4) and one or more actions (like actions=strip_vlan,NORMAL). So, the second rule there matches packets associated with VLAN tag 4 and strips the VLAN tag (after which the packet is delivered to any physical interfaces that are attached to this OVS bridge).

Putting this all together:

. . . . . . . 
The packet exits the qg-... interface of the router (where it is assigned the VLAN tag associated with the external network). (N)
The packet is delivered to the external bridge, where a flow rule strip the VLAN tag. (P)
The packet is sent out the physical interface associated with the bridge.

It appears that on RH clones (specifically on HA\Keepalived 3 Node Controller Cluster) which always need ifcfg files for OVS port and OVS Bridge, the best configuration would be provided by

cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    ONBOOT=yes
    DEVICETYPE=ovs
    TYPE=OVSPort
    OVS_BRIDGE=br-eth0
    ONBOOT=yes
    BOOTPROTO=none
    VLAN=yes
    MTU="9000"
    NM_CONTROLLED=no
    EOF

    cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-br-eth0
    DEVICE=br-eth0
    DEVICETYPE=ovs
    OVSBOOTPROTO=none
    TYPE=OVSBridge
    ONBOOT=yes
    BOOTPROTO=static
    MTU="9000"
    NM_CONTROLLED=no
    EOF

Next per https://developer.rackspace.com/blog/...

When "externalnetworkbridge" is unset (ie. ""), Neutron places the external interface of the router into the OVS bridge specified by the "provider_network" provider attribute in the Neutron network. Traffic is processed by Open vSwitch flow rules. In this configuration it is possible to utilize flat and VLAN provider networks.
edit flag offensive delete link more

Comments

Thank you for digging into details. I was not aware of larsks posting in July of 2015. But, I still have a concern why single Controller may be configured without ifcfg-eth0 , ifcfg-br-eth0

andrew.shvartz gravatar imageandrew.shvartz ( 2015-11-25 10:49:38 -0600 )edit

I see one principal difference usual Neutron router ( single case ) and HA Neutron router ( cluster case ). VRRP gets involved in case of Cluster config.

andrew.shvartz gravatar imageandrew.shvartz ( 2015-11-25 10:53:41 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-11-24 15:20:38 -0600

Seen: 248 times

Last updated: Nov 25 '15