l2edzl3oy's profile - activity

2015-01-20 00:05:56 -0500 commented answer How does Neutron implement overlapping IPs?

Thanks for the answer. Would you be able to elaborate a bit more on how the routing is done to different namespaces? Suppose that 1 network node has 2 Neutron routers with the same IP address, each running in a different namespace. How does the network node know which router it should route to?

2015-01-19 20:39:08 -0500 answered a question Does neutron (br-int) accepts nova instances sending vlan tagged traffic ?

There is a good explanation on this website. See Figure 7.2:

We first assume that we are using Open vSwitch. Internally within the compute node, tenant flows are separated by internally assigned VLAN IDs. This is configured by the Neutron L2 Agent. On br-int, the traffic on ports that link up towards the VMs is tagged with VLAN IDs (this is configured by the L2 Agent). For example (my example is slightly different from Figure 7.2), suppose VM1 and VM2 belong to Tenant A, and VM3 and VM4 belong to Tenant B. One possible configuration by the L2 Agent is to assign VM1 and VM2 VLAN ID 1 (for Tenant A), and assign VM3 and VM4 VLAN ID 2 (for Tenant B). So traffic going into the VMs from br-int is assigned those respective VLAN IDs, and traffic coming from the VMs to br-int is assumed to be tagged with those respective VLAN IDs. This is for internal traffic between VMs and br-int.

For traffic coming from and going out to the actual physical network where VM traffic flows (i.e. the actual physical switches that send traffic among compute nodes where the VMs are running), the OpenStack administrator can specify the network_type used for this network (e.g. local, flat, VLAN, VXLAN, or GRE - there are 5 at the current OpenStack Juno release). This can be configured in the ML2 plugin. I assume that VLAN was used (Figure 7.2 also shows a VLAN example). Now in the ML2 plugin, you can assign VLAN_ranges (e.g. 101-110) for tenant traffic on the actual physical network where VM traffic flows. Traffic flowing within the actual physical network will be tagged with these configured VLAN ranges (and NOT the internally assigned VLAN IDs as per the previous paragraph regarding traffic within the compute node). So for example, Tenant A could be assigned VLAN ID 101, while Tenant B could be assigned VLAN ID 102.

Now the most important part is the modification of VLAN IDs when traffic goes out of (or into) the compute node. OVS rules are configured by the L2 Agent for br-int (and br-eth1 as in Figure 7.2) to handle this modification. So, in our example, when traffic coming from Tenant A in VMs 1 and 2 arrives at br-int, it will have VLAN ID 1. But when it goes from br-int out into the physical network, the VLAN ID is modified from 1 to 101. And when Tenant A traffic is going into the compute node from the physical network, it first has VLAN ID 101, after which this VLAN ID is modified to 1 as it passes through br-int so as to correctly reach VMs 1 and/or 2.

You generally would not want to touch the internally assigned VLAN IDs (L2 Agent automatically handles this). But if you want to specify settings, you would do it for the physical network. For this example, we used VLAN segmentation and VLAN ranges 101-110 on the physical network ... (more)
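
The VLAN translation described in this answer is what keeps Tenant A and Tenant B apart on the wire, so it is worth checking that the rewrite rules are one-to-one and that both directions agree. The following is an added example, not part of the original answer or of Neutron: the flow lines are constructed in the style of `ovs-ofctl dump-flows` output using the answer's VLAN numbers, the port numbers and function names are made up, and it assumes br-int holds the physical-to-internal rewrites while br-eth1 holds the internal-to-physical ones.

```python
import re

# Constructed sample flows in the style of `ovs-ofctl dump-flows` output,
# using the answer's numbers: Tenant A = internal 1 / physical 101,
# Tenant B = internal 2 / physical 102. Port numbers are made up.
BR_INT_FLOWS = """\
 cookie=0x0, table=0, priority=3,in_port=1,dl_vlan=101 actions=mod_vlan_vid:1,NORMAL
 cookie=0x0, table=0, priority=3,in_port=1,dl_vlan=102 actions=mod_vlan_vid:2,NORMAL
 cookie=0x0, table=0, priority=2,in_port=1 actions=drop
"""
BR_ETH1_FLOWS = """\
 cookie=0x0, table=0, priority=4,in_port=2,dl_vlan=1 actions=mod_vlan_vid:101,NORMAL
 cookie=0x0, table=0, priority=4,in_port=2,dl_vlan=2 actions=mod_vlan_vid:102,NORMAL
 cookie=0x0, table=0, priority=2,in_port=2 actions=drop
"""

REWRITE = re.compile(r"dl_vlan=(\d+)\b.*actions=.*\bmod_vlan_vid:(\d+)")

def vlan_rewrites(dump):
    """Return [(matched_vlan, rewritten_vlan), ...] for every rewrite flow."""
    return [(int(m.group(1)), int(m.group(2)))
            for m in map(REWRITE.search, dump.splitlines()) if m]

def audit(br_int_dump, br_phys_dump):
    """Check that the two bridges translate VLANs consistently and one-to-one."""
    inbound = vlan_rewrites(br_int_dump)     # physical -> internal (on br-int)
    outbound = vlan_rewrites(br_phys_dump)   # internal -> physical (on br-eth1)
    problems = []
    for name, pairs in (("br-int", inbound), ("br-eth1", outbound)):
        targets = [dst for _, dst in pairs]
        for dst in sorted(set(targets)):
            if targets.count(dst) > 1:
                problems.append(f"{name}: several VLANs are rewritten to {dst}")
    # Outbound must undo inbound, otherwise a tenant leaves on another's VLAN.
    expected = {(local, phys) for phys, local in inbound}
    for local, phys in sorted(set(outbound) - expected):
        problems.append(f"br-eth1: internal {local} -> physical {phys} "
                        f"has no matching inbound rule")
    return problems

if __name__ == "__main__":
    print(audit(BR_INT_FLOWS, BR_ETH1_FLOWS) or "translation is consistent")
```

On a real compute node the two inputs would be the output of `ovs-ofctl dump-flows` for each bridge; any reported problem means two tenants could end up sharing a VLAN on one side of the translation.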

2015-01-17 10:05:24 -0500 asked a question How does a network host route packets to different network namespaces?

Hi, I have been reading up on Neutron networking on this webpage: http://docs.openstack.org/admin-guide-cloud/content/under_the_hood_openvswitch.html.

I am wondering how a network host routes packets to different OVS internal ports with the same IP address in different network namespaces. To better illustrate my question, here is an example picture from the webpage: http://imgur.com/eelU5gX . Sorry that I can't upload the picture directly into this question as I don't have enough points yet.

Consider that there are 2 OVS internal ports, each in its own separate network namespace, on br-int: tapXXX (in qdhcp-aaaa) and tapWWW (in qdhcp-cccc). One dnsmasq process is attached to each port for 2 different tenants (and thus 2 different Neutron networks). Suppose that both tenants define the same Neutron subnet range of 192.168.1.0/24, and that both tapXXX and tapWWW have the same IP address of 192.168.1.1.

Now, given that each tenant has VMs running on separate hosts that are the compute nodes, how does the network host route a received packet with IP address 192.168.1.1?

In the webpage, it seems that the VM data network is segmented by VLAN, and I understand how br-int (and other virtual bridges) modify the VLAN tag for incoming and outgoing traffic according to each tenant's VMs. But I am not too sure how network namespaces fit into the whole neutron networking logic.

It would be best if someone could explain the path taken by a packet starting from eth0 of the VM of each tenant and ending at their own respective dnsmasq processes. Thanks!