<div dir="ltr"><div>Here's an ASCII diagram[1] of the network topology on the controllers of a system we deployed earlier this year using kayobe[2].</div><div><br></div><div>As Sam said, we don't touch the neutron OVS bridge, in this case because it's managed entirely by kolla-ansible. Instead, we create a Linux bridge which is plugged into a trunk port (eno1), and add a VLAN subinterface to the bridge to access the provisioning VLAN. The TFTP server listens on this interface (breno1.7). The tagged VLAN traffic is passed through to the neutron OVS bridge via a veth pair. This saves us an ethernet interface at the expense of virtual complexity.</div><div><br></div><div>Mark</div><div><br></div><div>[1] <a href="http://paste.openstack.org/show/623681/">http://paste.openstack.org/show/623681/</a></div><div>[2] <a href="https://kayobe.readthedocs.io">https://kayobe.readthedocs.io</a></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 13 October 2017 at 10:55, Sam Betts (sambetts) <span dir="ltr"><<a href="mailto:sambetts@cisco.com" target="_blank">sambetts@cisco.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="white" lang="EN-GB" link="#0563C1" vlink="#954F72">
<div class="m_-1044140547016041163WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">There are multiple options for doing this, but I suggest avoiding manually plumbing anything into OVS as it can lead to some nastiness in the future.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">My personal recommended way to do this is to create the provisioning network in neutron with a known VLAN and trunk it separately down to the ironic services.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">To do this first exclude the chosen VLAN from the range of tenant provisionable VLANs, and then create the provisioning network in neutron with the --physical-network <physnet> and
--segmentation-id <VLAN> flags.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Next you need to create the subnet for that network, and we know that we need to run the ironic services (like TFTP on this network) so when you create the subnet you need to exclude
some IP addresses from the allocation pool (these IP address will be statically assigned by us outside of neutron’s control) for example subnet CIDR <a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a>, allocation-pool: 10.0.0.1, 10.0.0.250 will give us 4 IPs for ironic services.
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Then on my Ironic services server I trunk the provisioning VLAN down on an interface that isn’t assigned to a bridge/given to neutron (normally I use the same network interface which
is used for inter-service communication e.g. eth0 when eth1 is assigned to neutron) and then create a VLAN sub-interface on that NIC e.g. eth0.<provisioning VLAN> and assign it one of the IP addresses I reserved from the allocation pool earlier.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The Ironic TFTP server, the Ironic API, and conductor for provisioning then operate over this IP address/network interface.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Then when I need to scale up our Ironic services, I can replicate the same trunk and sub-interface on each conductor server assigning a different one of the reserved IPs to each,
letting our ironic services happily scale up horizontally as intended. <span class="HOEnZb"><font color="#888888"><u></u><u></u></font></span></span></p><span class="HOEnZb"><font color="#888888">
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Sam<u></u><u></u></span></p></font></span><div><div class="h5">
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u> <u></u></span></p>
<div>
<div>
<p class="MsoNormal">On 12/10/2017, 23:42, "Waines, Greg" <<a href="mailto:Greg.Waines@windriver.com" target="_blank">Greg.Waines@windriver.com</a>> wrote:<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt">Hey,</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt">We are in the process of integrating OpenStack Ironic into our own OpenStack Distribution.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt">One of the areas that we cannot find a good description of is:</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> How is the interface for the tftpboot server typically configured on OVS ?</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt">i.e.</span><u></u><u></u></p>
<p class="m_-1044140547016041163MsoListParagraph"><u></u><span style="font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt">i know tftpboot server runs on the same node as ironic-conductor,
</span><u></u><u></u></p>
<p class="m_-1044140547016041163MsoListParagraph"><u></u><span style="font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt">i know tftpboot server needs to have an interface on the ‘provisioning’ tenant network, and</span><u></u><u></u></p>
<p class="m_-1044140547016041163MsoListParagraph"><u></u><span style="font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt">i know the tftpboot server IP address and the ‘provisioning’ network are configured in ironic.conf</span><u></u><u></u></p>
<p class="m_-1044140547016041163MsoListParagraph"><u></u><span style="font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt">BUT</span><u></u><u></u></p>
<p class="m_-1044140547016041163MsoListParagraph" style="margin-left:1.0in">
<u></u><span style="font-family:"Courier New""><span>o<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt">how is the interface on the ‘provisioning’ tenant network configured for tftpboot server ?</span><u></u><u></u></p>
<p class="m_-1044140547016041163MsoListParagraph" style="margin-left:1.5in">
<u></u><span style="font-family:Wingdings"><span>§<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt">i.e. how is it configured on OVS ?</span><u></u><u></u></p>
<p class="m_-1044140547016041163MsoListParagraph" style="margin-left:2.0in">
<u></u><span style="font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt">assuming it would be an OVS virtual port that would be connected to<br>
the ‘provisioning’ tenant network</span><u></u><u></u></p>
<p class="m_-1044140547016041163MsoListParagraph" style="margin-left:1.5in">
<u></u><span style="font-family:Wingdings"><span>§<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt">i.e. how is this done upstream ?<br>
e.g.</span><u></u><u></u></p>
<p class="m_-1044140547016041163MsoListParagraph" style="margin-left:2.0in">
<u></u><span style="font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt">is a TAP(?) interface configured ?<br>
and</span><u></u><u></u></p>
<p class="m_-1044140547016041163MsoListParagraph" style="margin-left:2.0in">
<u></u><span style="font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt">is a Neutron Port configured on the ‘provisioning’ tenant network,<br>
with a reserved IP Address from ‘provisioining’ tenant network’s subnet and<br>
a MAC address from TAP interface ?<br>
and</span><u></u><u></u></p>
<p class="m_-1044140547016041163MsoListParagraph" style="margin-left:2.0in">
<u></u><span style="font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt">the L2-Agent manages the binding of the TAP Interface to the<br>
‘provisioning’ tenant network within OVS ?</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Can anybody point me to or provide a detailed description of how this is done upstream ?</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt">thanks in advance,</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Greg.</span><u></u><u></u></p>
</div></div></div>
</div>
<br>______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.<wbr>openstack.org?subject:<wbr>unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/<wbr>cgi-bin/mailman/listinfo/<wbr>openstack-dev</a><br>
<br></blockquote></div><br></div>