[neutron] Can br-ex and br-tun use the same interface?

Sean Mooney smooney at redhat.com
Tue Feb 18 13:01:51 UTC 2020


On Tue, 2020-02-18 at 13:55 +0100, Slawek Kaplonski wrote:
> Hi,
> 
> > On 18 Feb 2020, at 13:30, Sean Mooney <smooney at redhat.com> wrote:
> > 
> > On Tue, 2020-02-18 at 20:03 +0800, Zhengyu Pan wrote:
> > > Hi,
> > > Thank you. Do i  only need to add a patch port  that connects br-ex with br-tun? And create a port that binds
> > > tunnel
> > > ip  in br-ex?
> > 
> > no the br-ex should be connect to the br-int by a patch port already and the br-tun will be connected to the br-int
> > via a patch port already so br-tun and br-ex are connected indirectly so the optimisation will work.
> > if you do not have a patch port between br-ex and br-int then yes you shoudl create one.
> 
> Patch ports between br-int and all external bridges defined in bridge_mappings are created automatically by neutron-
> ovs-agent: 
> https://github.com/openstack/neutron/blob/8ba44d672059e2dbea6a0516e5832cec40800a77/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L1420

yep they shoudl be. however if you have not configured the bridge mapping becasue you are not usign provider networks
you might not have one. that said i have always configure them via the bridge mappings.
> 
> > 
> > you want to avoid a loop between the bridge so you dont want all bridge to be connected directly.
> > they should all connect to br-int but not to each other.
> > 
> > regarding the ip i alwasy just configruied it on the br-ex local bridge port
> > so "ifconfig br-ex 192.168.100.42/24 up" or whatever you ip is.
> > you can obviously do that with network manager or systemd network script too.
> > 
> > just ensure whatever ip is set as the neutron local tunnel ip is assigned to the br-ex and
> > your tunnel traffic will use that interface as long as the routing table identifs it as the correct
> > interface.
> > 
> > if you have two interface in the same subnet or your vxlan tunnel ips are on multiple subnets and are routed
> > you need to make sure the metric/route pirortiy for the br-ex will be set correctly so that it is selected instead
> > of
> > other options.
> > 
> > normally you wont have to do anything as your tunnel endpoint ips will come form a singel subnet and you wont have
> > other
> > interfaces in the same range i just mention that above incase you have a non standard deployment. 
> > > 
> > > 
> > > --
> > > 
> > > Thanks.
> > > Zhengyu
> > > 
> > > 
> > > 
> > > At 2020-02-18 18:39:25, "Sean Mooney" <smooney at redhat.com> wrote:
> > > > On Tue, 2020-02-18 at 19:12 +0800, Zhengyu Pan wrote:
> > > > > hi,
> > > > >    I have only two physical  interfaces. In my deploying, network node and compute node are the same. 
> > > > > Can Bridge br-tun and br-ex use the same interface when using vxlan network type ? management network use the
> > > > > other
> > > > > interface?
> > > > 
> > > > yes they can. the way this works wehn ovs encapsulates teh packet the vxlan tunnel endpoint ip is used to lookup
> > > > what
> > > > interface to transmit the packet on. so to use the same interface for both tunnels and provider networks you
> > > > need
> > > > to assign the tunnel endpoint ip to br-ex. ovs has a special operation at the dataplane level call out_port
> > > > which is
> > > > different form output. if ovs detects that the the source ip adress of the vxlan tunnel is assocaited with a
> > > > bridge,
> > > > in this case  br-ex and if that bridge is connect to the bridge with the tunnel port directly or indirectly via
> > > > patch
> > > > ports i it will use the out_port action to skip sending the packet via the kernel networking stack.
> > > > 
> > > > so if you use use an interface that is attached to an ovs bridge it will actully imporve performance in general.
> > > > that said adding the tunnel endpoint ip to the br-tun and adding an interface to br-tun used to crash ovs. i
> > > > dont
> > > > know
> > > > if that was ever fixed but i would recommend not trying and just adding the tunnel enpoint ip to br-ex.
> > > > 
> > > > not that this is the recommended way to deploy ovs-dpdk as if you dont add the tunnel endpoint ip to br-ex all
> > > > packets
> > > > that use vxlan will be sent via the kernel which will significantly reduce performance.
> > > > 
> > > > im not sure if this works with hardwar offloaded ovs but i would consider it a bug if it did not.
> > 
> > 
> 
>> Slawek Kaplonski
> Senior software engineer
> Red Hat
> 




More information about the openstack-discuss mailing list