Ask Your Question
1

VM access to existing VLAN

asked 2016-10-24 09:15:43 -0500

VincentSwiss gravatar image

updated 2016-10-24 10:09:02 -0500

dbaxps gravatar image

Hello,

I need to configure OpenStack, to be able to give VMs access to an existing external network which is VLAN tagged.

I have a standard installation of OpenStack Mitaka (using neutron with ovs), with one external network already configured which provides the floating IPs for the VMs.

On each node I have two physical interface configured: one (eth0) not tagged and usef for the PXE boot of new nodes and the other one (eth1) with VLAN tags 32 for storage network and 34 for management, 36 for Piblic and a range from 200-600 for the Private network (tenants).

I tried to follow different tutorials / instructions to achieve my goal, but none of these worked.

https://visibilityspots.org/vlan-flat...
http://www.s3it.uzh.ch/blog/openstack...
https://bderzhavets.wordpress.com/201...
http://docs.openstack.org/liberty/net...

I've also looked here for similar questions but none contained a full example, or exactly this case.

So, first of all, is it possible to have the standard floating IP setup and also direct access to external VLANs (let's say vlan 970) from VMs ? And if the answer is yes, how can I set it up? Does anyone have working example or tutorial up to date?

Following the instructions on the different tutorials I linked here above, I'm able to have access to the VLAN from the compute and controller nodes (eth1.970) but the bridging (br-vlan) to the VM part doesn't appear to work. Furthermore, it seems to be a lot different for each OpenStack version, for example: do I need another L3 agent? Should the interface be tagged or the bridge? And what about a router, do I need an additional one?

Thank you for your time and best regards,

Vincent

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
1

answered 2016-10-24 12:12:52 -0500

dbaxps gravatar image

updated 2016-10-24 12:43:45 -0500

Post written by myself presumes traditional Neutron L3 architecture and allows unique L3 neutron agent service to support flat and vlan tagged (say 970) external networks.

Just mentioned neutron configuration files should be properly updated and VLAN enabled devices properly configured. VM assigned FIP from from pool associated with vlan tagged 970 external network gets automatically access to any device accepting packets with mentioned vlan tag value.Each one of external networks requires it's own NIC to be plugged in, then everything works as expected.

You may also go through http://blog.oddbit.com/2015/08/13/pro...
regardless VLAN external network configuring was not described by LarsKS.
Finally you might need to perform stuff based on following 2 posts
Setup neutron L3 agent support several external VLAN networks
1. http://dbaxps.blogspot.com/2015/12/ai...
Setup neutron L3 agent support several external FLAT networks
2. http://dbaxps.blogspot.com/2015/10/mu...
Say Eth(X) serving flat external net should be configured per 2
Say Eth(X+1) serving vlan external net should be configured per 1

You are supposed to switch to non-bridged external networking to get config Ext VLAN && Ext Flat working at a time.

Quote
So, first of all, is it possible to have the standard floating IP setup and also direct access to external VLANs (let's say vlan 970) from VMs ?

In traditional neutron L3 routing architecture the answer is no, unless cloud VM is assigned FIP belongs to external vlan tagged network

+---------+    +----------+    +-------------+
|         |    |          |    |             |
|  net1   +----> router1  +---->  external1  |
|         |    |          |    |  FLAT       | 
+---------+    +----------+    +-------------+
       |
  VM-WITH-FIP-FROM_FLAT

+---------+    +----------+    +-------------+
|         |    |          |    |             |
|  net2   +----> router2  +---->  external2  |
|         |    |          |    |  VLAN 970   |        |
+---------+    +----------+    +-------------+
      |
    VM-WITH-FIP-FROM_VLAN
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2016-10-24 07:07:41 -0500

Seen: 281 times

Last updated: Oct 24 '16