Ask Your Question
2

Is there any way to use DVR with external network provider (flat) ?

asked 2015-12-22 05:13:56 -0600

andrew.shvartz gravatar image

updated 2015-12-22 08:23:57 -0600

As far as I can see DVR requires external bridging networking, attempt to set "external_network_bridge = " in l3_agent.ini won't work with DVR. If I am wrong here, please , advise. I was able reproduce http://dbaxps.blogspot.com/2015/10/rd...
Then I added interface to another public network ( supposed to be declared as external flat network via external network provider). Attempted to update neutron.conf and neutron OVS,L3 agent *.ini and ml2_conf.ini files, added neutron-metadata-agent service , files ifcfg-br-eth2 and ifcfg-eth2 for added interface were properly configured as OVS bridge and OVS port. Neutron-openvswitch-agent has been restarted OK during "openstack-service restart neutron". This steps resulted disappearing of VXLAN tunnels. Neutron flow on DVR compute node, as follows from several manuals, is not supposed to return back to br-int before forwarding outside. But external network provider vs bridging external networking does require neutron flow to be back on br-int before sending packets out.
ml2_conf.ini (all nodes )

type_drivers = vxlan,flat
flat_networks = physnet2

Creating network.

neutron net-create public --provider:network_type flat --provider:physical_network physnet2 --router:external
neutron subnet-create --gateway 10.10.10.1 --allocation-pool start=10.10.10.100,end=10.10.10.150 --disable-dhcp --name public_subnet public 10.10.10.0/24

Then

ovs-vsctl add-br br-eth2
ovs-vsctl add-port br-eth2 eth2
plus creating ifcfg-br-eth2 and ifcfg-eth2  files  for OVS bridge and OVS port

Then

Update openvswitch-agent.ini
bridge_mappings physnet2:br-eth2

Then

opernstack-service restart ( all nodes)
edit retag flag offensive close merge delete

Comments

what exactly did you modify in the config files after adding the eth2 ?

mariusleu gravatar imagemariusleu ( 2015-12-22 06:34:33 -0600 )edit

Per https://access.redhat.com/documentati...
Replacing br-ex with br-eth2

andrew.shvartz gravatar imageandrew.shvartz ( 2015-12-22 08:09:22 -0600 )edit

The local_ip are set ok ? Can you ping controller on local_ip from compute node ?

mariusleu gravatar imagemariusleu ( 2015-12-22 11:29:16 -0600 )edit
add a comment

2 answers

Sort by ยป oldest newest most voted
1

answered 2015-12-22 13:20:23 -0600

dbaxps gravatar image

updated 2015-12-23 03:11:48 -0600

UPDATE 12/23/2015
Final draft addressing your question is here
Running DVR with external network provider (flat) on CentOS 7.2 RDO Liberty
END UPDATE
Please,change sequence of steps
1. Setup Controller/Network + Compute ML2&OVS&VXLAN via standard answer-file
Three NICs on each node MGMT (eth0) , VTEPS (eth1), Ext Interface (eth2)
2. Tune cluster to work with External Network provider per RH' link ( you've mentioned)
Just in case I kept name of outgoing bridge "br-ex"

 [root@ip-192-169-142-127 ~(keystone_admin)]# cat ifcfg-br-ex
    DEVICE="br-ex"
    NM_CONTROLLED="no"
    ONBOOT="yes"
    TYPE="OVSIntPort"
    OVS_BRIDGE=br-ex
    DEVICETYPE="ovs"
[root@ip-192-169-142-127 ~(keystone_admin)]# cat ifcfg-eth2
    DEVICE="eth2"
    ONBOOT="yes"
    TYPE="OVSPort"
    DEVICETYPE="ovs"
    OVS_BRIDGE=br-ex
    NM_CONTROLLED=no
    IPV6INIT=no

When done tune DVR configs, restart nodes.
Make sure VXLAN tunnels are here. At this point you are ready to go
The point is to get fg-xxxxxx working via br-ex ( no matter this in this case br-ex contains external neutron routers interface inside, not having visible IP like in bridged external network )

[root@ip-192-169-142-137 ~]# ovs-vsctl show
6b29bb4b-b7e0-42d7-94ba-662cd321bf82
    Bridge br-ex
        Port "eth2"
            Interface "eth2"
        Port phy-br-ex
            Interface phy-br-ex  <=== veth pair
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "qvo2be937c0-cc"
            tag: 1
            Interface "qvo2be937c0-cc"
        Port int-br-ex
            Interface int-br-ex  <=== veth pair
                type: patch
                options: {peer=phy-br-ex}
        Port "qr-98432f0d-0c"
            tag: 1
            Interface "qr-98432f0d-0c"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "fg-a6949885-91"       <== outgoing fip-namespace interface ( on br-int )
            tag: 2
            Interface "fg-a6949885-91"
                type: internal
        Port "qvo997b88c5-a8"
            tag: 1
            Interface "qvo997b88c5-a8"
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-0c00007f"
            Interface "vxlan-0c00007f"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="12.0.0.137", out_key=flow, remote_ip="12.0.0.127"}
    ovs_version: "2.4.0"
[root@ip-192-169-142-137 ~]# ip netns exec fip-bb5509d1-84a3-489e-847f-c07573b8f6a1 ifconfig | head -8
fg-a6949885-91: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.10.102  netmask 255.255.255.0  broadcast 10.10.10.255
        inet6 fe80::f816:3eff:fecf:84a5  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:cf:84:a5  txqueuelen 0  (Ethernet)
        RX packets 138191  bytes 188105981 (179.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 58127  bytes 4630008 (4.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

image description

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2015-12-22 05:13:56 -0600

Seen: 379 times

Last updated: Dec 23 '15

Related questions

How to allow external access for vms

Fail to create external network - neutron-server not started

External network only works for routers

Which provider:network_type to use when creating external network with GRE network? [closed]

l3-agent Cannot find device

Small Horizon dashboard modifications

CircularDependencyException - Accessing a property within the resource

Alternative to unnumbered interface?

l3-agent errors in DVR configuration

Neutron L3 metering with DVR doesn't work