Open Stack

On Thu, Aug 25, 2022 at 11:31 AM Satish Patel <satish.txt at gmail.com> wrote:

> Hi Luis,
>
> Very interesting, you are saying it will only expose tenant ip on gateway
> port node? Even we have DVR setup in cluster correct?
>

Almost. The path is the same as in a DVR setup without BGP (with the
difference you can reach the internal IP). In a DVR setup, when the VM is
in a tenant network, without a FIP, the traffic goes out through the cr-lrp
(ovn router gateway port), i.e.,  the node hosting that port which is
connecting the router where the subnet where the VM is to the provider
network.

Note this is a limitation due to how ovn is used in openstack neutron,
where traffic needs to be injected into OVN overlay in the node holding the
cr-lrp. We are investigating possible ways to overcome this limitation and
expose the IP right away in the node hosting the VM.


> Does gateway node going to expose ip for all other compute nodes?
>

> What if I have multiple gateway node?
>

No, each router connected to the provider network will have its own ovn
router gateway port, and that can be allocated in any node which has
"enable-chassis-as-gw". What is true is that all VMs in a tenant networks
connected to the same router, will be exposed in the same location .


> Did you configure that flag on all node or just gateway node?
>

I usually deploy with 3 controllers which are also my "networker" nodes, so
those are the ones having the enable-chassis-as-gw flag.


>
> Sent from my iPhone
>
> On Aug 25, 2022, at 4:14 AM, Luis Tomas Bolivar <ltomasbo at redhat.com>
> wrote:
>
> 
> I tested it locally and it is exposing the IP properly in the node where
> the ovn router gateway port is allocated. Could you double check if that is
> the case in your setup too?
>
> On Wed, Aug 24, 2022 at 8:58 AM Luis Tomas Bolivar <ltomasbo at redhat.com>
> wrote:
>
>>
>>
>> On Tue, Aug 23, 2022 at 6:04 PM Satish Patel <satish.txt at gmail.com>
>> wrote:
>>
>>> Folks,
>>>
>>> I am setting up ovn-bgp-agent lab in "BGP mode" and i found everything
>>> working great except expose tenant network
>>> https://ltomasbo.wordpress.com/2021/02/04/ovn-bgp-agent-testing-setup/
>>>
>>> Lab Summary:
>>>
>>> 1 controller node
>>> 3 compute node
>>>
>>> ovn-bgp-agent running on all compute node because i am using
>>> "enable_distributed_floating_ip=True"
>>>
>>
>>> ovn-bgp-agent config:
>>>
>>> [DEFAULT]
>>> debug=False
>>> expose_tenant_networks=True
>>> driver=ovn_bgp_driver
>>> reconcile_interval=120
>>> ovsdb_connection=unix:/var/run/openvswitch/db.sock
>>>
>>> I am not seeing my vm on tenant ip getting exposed but when i attach FIP
>>> which gets exposed in loopback address. here is the full trace of debug
>>> logs: https://paste.opendev.org/show/buHiJ90nFgC1JkQxZwVk/
>>>
>>
>> It is not exposed in any node, right? Note when expose_tenant_network is
>> enabled, the traffic to the tenant VM is exposed in the node holding the
>> cr-lrp (ovn router gateway port) for the router connecting the tenant
>> network to the provider one.
>>
>> The FIP will be exposed in the node where the VM is.
>>
>> On the other hand, the error you see there should not happen, so I'll
>> investigate why that is and also double check if the expose_tenant_network
>> flag is broken somehow.
>>
>
>> Thanks!
>>
>>
>> --
>> LUIS TOMÁS BOLÍVAR
>> Principal Software Engineer
>> Red Hat
>> Madrid, Spain
>> ltomasbo at redhat.com
>>
>>
>
>
> --
> LUIS TOMÁS BOLÍVAR
> Principal Software Engineer
> Red Hat
> Madrid, Spain
> ltomasbo at redhat.com
>
>
>

-- 
LUIS TOMÁS BOLÍVAR
Principal Software Engineer
Red Hat
Madrid, Spain
ltomasbo at redhat.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20220825/25e13c2d/attachment-0001.htm>