Ask Your Question
1

High Availability using Distributed Virtual Routing (DVR) with bond vlan tagged interfaces.

asked 2016-02-14 01:23:28 -0500

Kernel_Panic gravatar image

updated 2016-02-14 10:40:11 -0500

Hi, I'm following this guide: High Availability using Distributed Virtual Routing (DVR) http://docs.openstack.org/liberty/networking-guide/scenario-dvr-ovs.html (http://docs.openstack.org/liberty/net...)

Most Openstack guides reference physical interfaces; however, all of my Openstack nodes utilize LACP 802.3ad bond interfaces with 802.1q tagged interfaces for bandwidth aggregation and high availability on interface failures. I have configured all of my Openstack external and tunnel interfaces to be vlan interfaces on bond0.xxx and I have selected vxlan,gre for my tenant networks. I could see this would be an issue for tenant vlan networks because they are already tagged, and possibly flat networks. All of the agents come up on the controller, and I can ping the qrouter internal interface from inside the namespace, but not the qrouter gateway. I cannot launch an instance because there is no access to the gateway from the tenant network.

The guide also references linux_bridge_agent is needed for tenant security groups, but it looks like those configs are handled in the ml2_conf.ini under [ovs].

Question: My bridge mappings (veth's) are not being made on the network and compute nodes. Is there an option in ml2_conf.ini .[ovs] for physical_interface_mappings? Could someone give me guidance on how to configure Openstack ml2/ovs to bridge external networks to bond0.252 vlan interface?

Many thanks,

network and compute - ml2_conf.ini

[ml2]
type_drivers = flat,vlan,vxlan,gre
tenant_network_types = vxlan,gre
mechanism_drivers = openvswitch,l2population

[ovs]
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 10.0.101.11
enable_tunneling = True
bridge_mappings = external:br-ex,external1:br-ex1,external2:br-ex2,external4:br-ex4
physical_interface_mappings = external:bond0.104,external1:bond0.251,external2:bond0.252,external4:bond0.254

[agent]
l2_population = True
tunnel_types = vxlan,gre
enable_distributed_routing = True

compute node - ip address show

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
    2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP qlen 1000
        link/ether ac:16:2d:7b:91:20 brd ff:ff:ff:ff:ff:ff
    3: eno2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 9000 qdisc mq master bond0 state UP qlen 1000
        link/ether ac:16:2d:7b:91:21 brd ff:ff:ff:ff:ff:ff
    4: eno3: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 9000 qdisc mq master bond0 state UP qlen 1000
        link/ether ac:16:2d:7b:91:21 brd ff:ff:ff:ff:ff:ff
    5: eno4: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 9000 qdisc mq master bond0 state UP qlen 1000
        link/ether ac:16:2d:7b:91:21 brd ff:ff:ff:ff:ff:ff
    14: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
        link/ether ca:41:33:d6:80:36 brd ff:ff:ff:ff:ff:ff
    15: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
        link/ether 92:54:3d:fe:75:48 brd ff:ff:ff:ff:ff:ff
    18 ...
(more)
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-02-22 01:16:03 -0500

Kernel_Panic gravatar image

Testing reveals it is not possible to connect an OVS bridge to a bond, tagged or IP interface, because OVS needs full control of the physical interface without system interference. I had to take a NIC out of the bond and dedicate it to the external floating net.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2016-02-14 01:23:28 -0500

Seen: 177 times

Last updated: Feb 22 '16