<div dir="ltr"><div>In my opinion the provider network extension can also be used for mapping the tenant network directly to the physical network. For example, as shown in the official admin guide openvswitch scenario1 [1], we can configure tenant network to use segmentation id 101 to connect to VLAN 101 of physical switch. <br>
<pre class="">$ neutron net-create --tenant-id $tenant net01 \
--provider:network_type vlan \
--provider:physical_network physnet2 \
--provider:segmentation_id 101<br><br></pre>For this kind of use case, I think it makes sense to enforce the segmentation id in the range of network_vlan_range in ml2_conf.ini<br><br>[1] <a href="http://docs.openstack.org/admin-guide-cloud/content/ch_networking.html#under_the_hood_openvswitch_scenario1">http://docs.openstack.org/admin-guide-cloud/content/ch_networking.html#under_the_hood_openvswitch_scenario1</a><br>
<br><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jan 17, 2014 at 5:31 AM, Henry Gessau <span dir="ltr"><<a href="mailto:gessau@cisco.com" target="_blank">gessau@cisco.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">network_vlan_ranges is a 'pool' of vlans from which to pick a vlans for<br>
tenant networks. Provider networks are not confined to this pool. In fact, I<br>
believe it is a more common use-case that provider vlans are outside the<br>
pool so that they do not conflict with tenant vlan allocation.<br>
<br>
-- Henry<br>
<div><div class="h5"><br>
On Thu, Jan 16, at 3:45 pm, Paul Ward <<a href="mailto:wpward@us.ibm.com">wpward@us.ibm.com</a>> wrote:<br>
<br>
> In testing some new function I've written, I've unsurfaced the problem that<br>
> the ML2 vlan type driver does not enforce the vlan range specified in the<br>
> network_vlan_ranges option in ml2_conf.ini file. It is properly enforcing<br>
> the physical network name, and even checking to be sure the segmentation_id<br>
> is valid in the sense that it's not outside the range of ALL valid vlan ids.<br>
> But it does not actually enforce that segmentation_id is within the vlan<br>
> range specified for the given physical network in network_vlan_ranges.<br>
><br>
> The fix I propose is simple. Add the following check to<br>
> /neutron/plugins/ml2/drivers/type_vlan.py<br>
> (TypeVlanDriver.validate_provider_segment()):<br>
><br>
> range_min, range_max = self.network_vlan_ranges[physical_network][0]<br>
> if segmentation_id not in range(range_min, range_max):<br>
> msg = (_("segmentation_id out of range (%(min)s through "<br>
> "%(max)s)") %<br>
> {'min': range_min,<br>
> 'max': range_max})<br>
> raise exc.InvalidInput(error_message=msg)<br>
><br>
> This would go near line 182 in<br>
> <a href="https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/type_vlan.py" target="_blank">https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/type_vlan.py</a>.<br>
><br>
> One question I have is whether self.network_vlan_ranges[physical_network]<br>
> could actually be an empty list rather than a tuple representing the vlan<br>
> range. I believe that should always exist, but the documentation is not<br>
> clear on this. For reference, the corresponding line in ml2_conf.ini is this:<br>
><br>
> [ml2_type_vlan]<br>
> network_vlan_ranges = default:1:4093<br>
><br>
> Thanks in advance to any that choose to provide some insight here!<br>
><br>
><br>
</div></div>> _______________________________________________<br>
> OpenStack-dev mailing list<br>
> <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
><br>
<br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</blockquote></div><br></div>