Ask Your Question

paullaurence's profile - activity

2016-06-29 23:59:17 -0600 received badge  Famous Question (source)
2016-06-29 23:59:17 -0600 received badge  Notable Question (source)
2016-06-07 03:52:38 -0600 answered a question GRE vs VxLAN tunneling Performance

Hi Amedeo,
Thanks for sharing your results. Yes, I'm getting around 7 Gbits/sec using MTU-9000 and I have the same as you in the config (veth_mtu = 8900) so that was roughly expected.

My concern was more - Why, when using MTU 1500 can I get around 4 Gbits/sec using GRE and only 2 Gbits/sec when using VxLAN. Did you test your setup with 1500-MTU at any stage? I'm just thinking that if, in a particular scenario where only 1500-MTU can be used that it would be best advised to use GRE rather than VxLAN?

hmm, now I'm wondering - is there a little overhead with the DVR implementation? or maybe newer releases such as Liberty - with latest OVS release are optimized for VxLAN? I might upgrade to Liberty next week and see if I experience same results.

Paul

NEW UPDATE

I have tx-udp_tnl-segmentation enabled on my Broadcom NICs and have also tried with generic-receive-offload turned on but still no improvement. But further inspection to the switch - I am using an Arista 7050T - it is not capable of VxLAN so would it be safe to assume that is where my problem lies?

Paul

2016-06-07 03:49:43 -0600 received badge  Editor (source)
2016-06-05 14:48:53 -0600 answered a question GRE vs VxLAN tunneling Performance

OK, so I have an update from my tests.

I have 3 node DVR Kilo implementation (1x Controller/network, 2x Compute).

I have tested with both the following 10Gbit network cards:

  • Intel Ethernet X540 10Gb BT DP + i350 1Gb BT DP Network Daughter Card

  • Broadcom 57810 DP 10Gb BT Converged Network Adapter

Whatever I try, I get roughly the same results for east/west traffic (GRE better than VxLAN):

VXLAN

  • east/west MTU-1500 TCP = 1.87 Gbits/sec

  • east/west MTU-9000 TCP = 5.82 Gbits/sec

GRE

  • east/west MTU-1500 TCP = 3.39 Gbits/sec

  • east/west MTU-9000 TCP = 7.86 Gbits/sec

I have tried extending the MTU for VxLAN to 1600 - no difference in result.

I have tried with and without 'ethtool -K INTERFACE_NAME gro off' - no difference in result.

There is not much difference in CPU usage between GRE and VxLAN.

Open vSwitch version is: 2.3.2, using KVM, OS is Ubuntu.

Anyone else seeing better GRE results that VxLAN - or know a reason why?

regards,

Paul

2016-06-05 04:54:43 -0600 received badge  Famous Question (source)
2016-06-05 00:23:00 -0600 received badge  Notable Question (source)
2016-06-04 23:50:39 -0600 received badge  Popular Question (source)
2016-06-04 15:54:39 -0600 asked a question GRE vs VxLAN tunneling Performance

Hi,

I have a 3 node Openstack Kilo testbed installed - 1x Controller/network and 2 Compute nodes. And I have DVR configured. I am using Iperf3 to test under numerous conditions, but starting point is the tunneling performance using GRE and VXLAN for east/west (vm to vm). Obviously in this scenario with DVR the traffic goes straight from compute1 to compute2. I have these connected to an Arista switch with 10Gbit/sec ports and the servers are Dell poweredge with 10Gbit/sec Intel NICs.

I was expecting that I would get better performance with VxLAN over GRE but when using both 1500-MTU and 9000-MTU, I get better performance from GRE and for example, using VxLAN with 1500-MTU, TCP tests are getting less than 2Gbit/sec.

Here are some approximate test results:

MTU 1500 VXLAN

east/west MTU-1500 TCP = 1.87 Gbits/sec

MTU 9000 VXLAN

east/west MTU-9000 TCP = 5.82 Gbits/sec

MTU 1500 GRE

east/west MTU-1500 TCP = 3.79 Gbits/sec

MTU 9000 GRE

east/west MTU-9000 TCP = 7.86 Gbits/sec

Is this likely to be down to my physical network card or could there be some other factor in these results? I'm pretty sure all my VxLAN config is correct. Its the VxLAN TCP 1500-MTU test that is most surprising.

The Intel network cards I am using don't have the option to enable 'ethtool -K ethX tx-udp_tnl-segmentation' not sure if that is a factor in these results?

thanks in advance, Paul

update:

I have tested with both the following 10Gbit network cards:

Intel Ethernet X540 10Gb BT DP + i350 1Gb BT DP Network Daughter Card

Broadcom 57810 DP 10Gb BT Converged Network Adapter

Whatever I try, I get roughly the same results for east/west traffic (GRE better than VxLAN):

VXLAN

east/west MTU-1500 TCP = 1.87 Gbits/sec

east/west MTU-9000 TCP = 5.82 Gbits/sec

GRE

east/west MTU-1500 TCP = 3.79 Gbits/sec

east/west MTU-9000 TCP = 7.86 Gbits/sec

I have tried extending the MTU for VxLAN to 1600 - no difference in result.

I have tried with and without 'ethtool -K INTERFACE_NAME gro off' - no difference in result.

There is not much difference in CPU usage between GRE and VxLAN.

Open vSwitch version is: 2.3.2, using KVM, OS is Ubuntu.

Paul

2016-02-18 16:03:36 -0600 received badge  Popular Question (source)
2016-02-01 09:20:33 -0600 answered a question Identity back end with LDAP - cannot modify tenant quotas

Wouldn't you know - as soon as I ask the question I figured out how to update.

I just used: $ openstack project list $ openstack project show PROJECT and then e.g: $ neutron quota-update --tenant_id PROJECT_ID --network 100

thanks, Paul

2016-02-01 09:07:54 -0600 asked a question Identity back end with LDAP - cannot modify tenant quotas

Hi,

I have almost identical LDAP identity config as: http://docs.openstack.org/admin-guide...

But I have found that I can now only set the Default quotas - and cannot modify quotas on a per-tenant basis.

I seen here: http://docs.openstack.org/user-guide-... that you can add the quota driver (quota_driver = neutron.db.quota_db.DbQuotaDriver) to modify per-tenant-quotas, but that does not seem to work for me.

when I run 'neutron quota-list' - this does not return any tenant_id's.

Is there something else I need to add to be able to modify tenant-quotas while using LDAP as the identity backend?

Thanks, Paul

2015-12-04 08:19:37 -0600 received badge  Famous Question (source)
2015-12-04 08:18:22 -0600 received badge  Popular Question (source)
2015-11-18 06:30:07 -0600 commented answer haproxy balancing for HA in Active/Active mode

Great, thanks - I thought that would be the case.

2015-11-16 07:01:00 -0600 asked a question haproxy balancing for HA in Active/Active mode

Hi,

I have two Controllers/Service nodes running in Active/Active mode and a couple of HAProxy nodes to balance over them. I have Pacemaker running for L3 agent/metadata agent etc.

I'm using Galera as my cluster database, but the config guide in Openstack set the balancing method in HAProxy to 'service' - which will always select my Controller1 unless it goes down - then Controller2 will be used.

Would it not be more beneficial to set the balancing method to say; round robin and spread the load if multiple users are accessing horizon?

Do you think this way would be more likely to create problems with the Galera database?

thanks in advance.

Paul

2015-11-16 06:52:37 -0600 answered a question DVR - No need for SNAT so can Network node be removed?

I did just run the networking services on the controller so I just have controller/service node and as many compute nodes as I like - no network node.

I now also have the controller/service node in HA active/active - using pacemaker for the couple of services that need to be run in active/passive.

I also use removed the need for cinder block by using our EMC SAN - using the cinder-emc-direct driver on the service node and registering all nodes with the SAN over iSCSI. And I also removed the need for Object(Swift) by using the SAN again to mount NFS to the Service nodes (glance store).

Just about ready to role into production - just LDAP left to configure! :-)

2015-11-16 06:45:26 -0600 received badge  Notable Question (source)
2015-11-16 06:45:26 -0600 received badge  Popular Question (source)
2015-11-16 06:45:26 -0600 received badge  Famous Question (source)
2015-09-23 06:29:05 -0600 asked a question Scaling Service node with DVR

Hi,

I have a current install of Kilo with DVR which connects to EMC SAN for block storage. I am currently working on setting up two Active/Active Service nodes.

To run the Layer3 agent in active/active you have to configure with VRRP - but this is still not compatible with DVR in the Kilo release.

I have no need for using SNAT so all my traffic goes directly out of my Compute hosts.

My Question:

Can I set up two Service nodes in active/active mode but just set up the layer3 agent without VRRP. I presume by doing this the SNAT routers will only be created on the Service node which has been selected by the HAProxy but the DVR router will be created on the compute node as normal.

If this is the case, what would be the implications of a failure to one of Service nodes? I am hoping that the Distributed routers would stay in tact on the Compute nodes and VM traffic would not be altered.

Im going to test this out now but thought someone might have been in this position before? If this is not possible is there another way to implement two Active/Active Services nodes whilst using DVR?

thanks Paul

2015-08-27 02:45:28 -0600 received badge  Notable Question (source)
2015-08-21 12:13:21 -0600 received badge  Popular Question (source)
2015-08-20 16:32:49 -0600 commented question openstack high availability glance without swift

Great, thanks for that - i'll give that a go in the morning!

2015-08-20 16:05:14 -0600 asked a question openstack high availability glance without swift

Hi, I have an Openstack Kilo install with DVR but I now want to scale my Controller/Service node.

I'm working through configuring an active/active HA install.

I have a few HAProxy nodes, two Controllers to start with, and I have installed mysql with galera, rabbitmq cluster, and have keystone setup.

My question is with regard to Glance. With two nodes running Glance, they need to use shared storage. I don't want to install Swift just yet, and i'm just wondering if it is possible to just create a shared repository and use that rather than having to install Swift?

thanks in advance.

Paul

2015-07-03 10:43:31 -0600 answered a question Connecting Cinder node to EMC SAN

Ignore this question.... I thought I would have to add an extra NIC to the compute nodes to connect to the SAN - but that was not the case.

I ended up getting the emc-direct driver to work by registering the compute nodes (over iSCSI) with the EMC SAN, and I now run the cinder-volume service on my Controller/Service node - so there is no need for a Cinder node at all.

If anyone needs to see my cinder.conf file, let me know and I will paste it in.

regards, Paul

2015-06-12 13:12:52 -0600 received badge  Popular Question (source)
2015-06-12 13:12:52 -0600 received badge  Famous Question (source)
2015-06-12 13:12:52 -0600 received badge  Notable Question (source)
2015-06-04 11:09:03 -0600 asked a question Connecting Cinder node to EMC SAN

Hi,

I have an install of Kilo running across a number of physical nodes: 1xController/Service node, 2xCompute, and 1x Block(Cinder).

At the moment I have 500gb disk on the Cinder node and I can create volumes and attach them to VMs etc.

I want to provision a number of TB from EMC SAN to Cinder. The EMC VNX Direct driver install: here actually connects the Compute hosts to the SAN with the Cinder node Optionally connecting to the SAN -so iSCSI traffic goes between SAN and Compute node. I see how this makes perfect sense - BUT:

I have limited NICs on the Compute hosts, and I'm wondering what would be the implications of just provisioning say 3TB of SAN disk to the Cinder node and having iSCSI traffic going between SAN to Cinder then Cinder to Compute?

Is this possible and would I run into problems this way?

thanks in advance.

2015-05-30 06:19:24 -0600 answered a question Number of GRE tunnels in DVR

I'm just wondering if this is the effect of using only one compute node? the guide for DVR suggests a minimum of two compute nodes. http://docs.openstack.org/networking-...

2015-05-30 06:12:49 -0600 received badge  Enthusiast
2015-05-29 11:11:12 -0600 received badge  Self-Learner (source)
2015-05-29 11:11:12 -0600 received badge  Teacher (source)
2015-05-28 15:22:08 -0600 answered a question ValueError: DVR deployments for VXLAN/GRE underlays require L2-pop to be enabled, in both the Agent and Server side

Hi, Yes the answer was l2_population = True rather than l2population = True I realized I had made the mistake earlier today. Everything working fine now! :-)

Thanks for the replies!

2015-05-28 07:15:01 -0600 received badge  Famous Question (source)
2015-05-28 00:34:10 -0600 received badge  Notable Question (source)
2015-05-28 00:34:10 -0600 received badge  Popular Question (source)
2015-05-27 14:32:20 -0600 asked a question ValueError: DVR deployments for VXLAN/GRE underlays require L2-pop to be enabled, in both the Agent and Server side

Hi, I have DVR running perfectly on Juno (1 controller, 1 network, 2 compute) I am working through a kilo install but after configuring Neutron on the network node I noticed that Open vSwitch agent was not present when running 'neutron agent-list' on the controller.

After going back to the network node I see the 'openvswitch-agent.log' outputing:

ValueError: DVR deployments for VXLAN/GRE underlays require L2-pop to be enabled, in both the Agent and Server side.

my ml2_conf.ini is similar to below:

[ml2]
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch,l2population

[ml2_type_flat]
flat_networks = external

[ml2_type_gre]
tunnel_id_ranges = 1:1000

[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]
local_ip = TENANT_NETWORK_TUNNELS_INTERFACE_IP_ADDRESS
enable_tunneling = True
bridge_mappings = external:br-ex

[agent]
l2population = True
tunnel_types = gre
enable_distributed_routing = True
arp_responder = True

Anyone else had this issue?

2015-04-21 11:26:12 -0600 received badge  Famous Question (source)
2015-04-19 22:58:58 -0600 received badge  Notable Question (source)
2015-04-19 08:37:29 -0600 received badge  Popular Question (source)
2015-04-17 00:59:42 -0600 received badge  Student (source)