Ask Your Question

VM access to existing VLAN

asked 2016-10-24 09:15:43 -0500

VincentSwiss gravatar image

updated 2016-10-24 10:09:02 -0500

dbaxps gravatar image


I need to configure OpenStack, to be able to give VMs access to an existing external network which is VLAN tagged.

I have a standard installation of OpenStack Mitaka (using neutron with ovs), with one external network already configured which provides the floating IPs for the VMs.

On each node I have two physical interface configured: one (eth0) not tagged and usef for the PXE boot of new nodes and the other one (eth1) with VLAN tags 32 for storage network and 34 for management, 36 for Piblic and a range from 200-600 for the Private network (tenants).

I tried to follow different tutorials / instructions to achieve my goal, but none of these worked.

I've also looked here for similar questions but none contained a full example, or exactly this case.

So, first of all, is it possible to have the standard floating IP setup and also direct access to external VLANs (let's say vlan 970) from VMs ? And if the answer is yes, how can I set it up? Does anyone have working example or tutorial up to date?

Following the instructions on the different tutorials I linked here above, I'm able to have access to the VLAN from the compute and controller nodes (eth1.970) but the bridging (br-vlan) to the VM part doesn't appear to work. Furthermore, it seems to be a lot different for each OpenStack version, for example: do I need another L3 agent? Should the interface be tagged or the bridge? And what about a router, do I need an additional one?

Thank you for your time and best regards,


edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2016-10-24 12:12:52 -0500

dbaxps gravatar image

updated 2016-10-24 12:43:45 -0500

Post written by myself presumes traditional Neutron L3 architecture and allows unique L3 neutron agent service to support flat and vlan tagged (say 970) external networks.

Just mentioned neutron configuration files should be properly updated and VLAN enabled devices properly configured. VM assigned FIP from from pool associated with vlan tagged 970 external network gets automatically access to any device accepting packets with mentioned vlan tag value.Each one of external networks requires it's own NIC to be plugged in, then everything works as expected.

You may also go through
regardless VLAN external network configuring was not described by LarsKS.
Finally you might need to perform stuff based on following 2 posts
Setup neutron L3 agent support several external VLAN networks
Setup neutron L3 agent support several external FLAT networks
Say Eth(X) serving flat external net should be configured per 2
Say Eth(X+1) serving vlan external net should be configured per 1

You are supposed to switch to non-bridged external networking to get config Ext VLAN && Ext Flat working at a time.

So, first of all, is it possible to have the standard floating IP setup and also direct access to external VLANs (let's say vlan 970) from VMs ?

In traditional neutron L3 routing architecture the answer is no, unless cloud VM is assigned FIP belongs to external vlan tagged network

+---------+    +----------+    +-------------+
|         |    |          |    |             |
|  net1   +----> router1  +---->  external1  |
|         |    |          |    |  FLAT       | 
+---------+    +----------+    +-------------+

+---------+    +----------+    +-------------+
|         |    |          |    |             |
|  net2   +----> router2  +---->  external2  |
|         |    |          |    |  VLAN 970   |        |
+---------+    +----------+    +-------------+
edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-10-24 07:07:41 -0500

Seen: 671 times

Last updated: Oct 24 '16