[Openstack] [openstack][neutron]external network packets to network node

Rajiv Duggal rduggal at dexsystems.com
Fri Jan 15 22:40:55 UTC 2016


I can share what I am seeing for Liberty, since it is in the works.
I have eno1 as the local network (my premises, end users, etc.),
eno3 as the Ceph network (block storage interconnect),
eno4 for the internet (out to the ISP).

I find Liberty very intuitive and exceptionally brilliant in its network modelling.
My use cases:

- The demo user has a virtual router with a VXLAN range 10.1.5.0/24, and that router has an external network on eno4 that is connected to a layer 3 that routes to the ISP for floating IPs. This mimics a public cloud.

- Then I have a user, say legacy, that sets eno1 as the external network that connects to a layer 3 that connects to the main core of our premises (end users, etc.). This provides for a private cloud.

The users are just for management; you can have all under one user.
Analysis of VLANs for private and public is pending.

You can see that once I configured the ML2 plugins to allow VXLAN on any interface and to allow public networks for eno1 and eno4, the corresponding bridge is auto-negotiated.

[cid:image007.jpg at 01D14FA2.BBC6CFC0]

[cid:image008.jpg at 01D14FA2.BBC6CFC0]


And below are the ports:
[cid:image009.jpg at 01D14FA2.BBC6CFC0]

From: Akshay Kumar Sanghai [mailto:akshaykumarsanghai at gmail.com]
Sent: Friday, January 15, 2016 2:11 PM
To: James Denton <james.denton at rackspace.com>
Cc: openstack at lists.openstack.org
Subject: Re: [Openstack] [openstack][neutron]external network packets to network node

Hi James,
Thanks for the explanation. How can I verify the existence of that bridge? Is br-ex that bridge, as this is the only bridge that connects to the external network interface? How can I view the namespace of the virtual router which is responsible for the ARP replies?
Thanks,
Akshay

On Sat, Jan 16, 2016 at 3:16 AM, James Denton <james.denton at rackspace.com> wrote:
Hi Akshay,

In most cases, you won’t have IP addresses configured on interfaces used by Neutron.

The Neutron L2 agents set up or configure the virtual bridges/switches on the host based on the type of network in use (VLAN, FLAT, VXLAN, etc). In many cases, an external provider network may be set up as a VLAN network. In that case, the VLAN ID must correspond to the VLAN configured on the physical switch that corresponds to your external network connected to the external router. The Neutron virtual router will connect to a virtual switch/bridge that effectively “bridges” the virtual network with the physical network. When that happens, your physical router and your virtual router will be in the same Layer 2 broadcast domain and Layer 3 network. Thus, when you have floating IPs configured, they would come from the ‘external’ network/pool and your physical router would send ARP requests for those addresses. The virtual router would send ARP replies and the traffic would be forwarded and NAT’d accordingly.

Of course, all of this working depends on Neutron having been configured appropriately and the networks created with the proper provider attribute values.

Hope that helps,

James


From: Akshay Kumar Sanghai <akshaykumarsanghai at gmail.com>
Date: Friday, January 15, 2016 at 3:13 PM
To: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
Subject: [Openstack] [openstack][neutron]external network packets to network node

Hi,
I have done a Kilo Ubuntu installation of OpenStack. One thing I noticed was that the network node's external interface is unnumbered. Then how does the external router forward the packet to the network node? Suppose a VM has a floating IP. I send a packet to that VM using the floating IP. The NAT happens at the network node. How does the packet reach the network node, as there is no IP assigned to the interface? I have not configured DVR, and the L3 agent is running on the network node.

Thanks,
Akshay
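
The quoted follow-up asks how to verify the bridge and find the router namespace that answers ARP for a floating IP. The script below is an added example, not written by anyone in this thread: it parses `ip netns list` and `ip -o -4 addr show` output to locate the `qrouter-` namespace and `qg-` interface holding a floating IP. It assumes an Open vSwitch, non-DVR network node; the sample output, UUIDs and addresses are constructed.

```shell
#!/bin/sh
# Added example. Sample text below is constructed, not captured from the thread.
# On an Open vSwitch network node (assumption), the bridge itself is checked with:
#   ovs-vsctl list-br ; ovs-vsctl list-ports br-ex

# Constructed output of: ip netns list
SAMPLE_NETNS='qrouter-11111111-2222-3333-4444-555555555555 (id: 1)
qdhcp-aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee (id: 0)'

# Constructed output of: ip netns exec qrouter-... ip -o -4 addr show
# The /32 on the qg- interface is the floating IP; no address sits on the host NIC.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
12: qr-5f6a7b8c-9d    inet 10.1.5.1/24 brd 10.1.5.255 scope global qr-5f6a7b8c-9d\       valid_lft forever preferred_lft forever
13: qg-0a1b2c3d-4e    inet 203.0.113.2/24 brd 203.0.113.255 scope global qg-0a1b2c3d-4e\       valid_lft forever preferred_lft forever
13: qg-0a1b2c3d-4e    inet 203.0.113.25/32 brd 203.0.113.25 scope global qg-0a1b2c3d-4e\       valid_lft forever preferred_lft forever'

# Print only the router namespaces from `ip netns list` output on stdin.
router_namespaces() {
    awk '$1 ~ /^qrouter-/ { print $1 }'
}

# Print the interface that holds address $1, given `ip -o -4 addr show` on stdin.
address_iface() {
    awk -v ip="$1" '$3 == "inet" { split($4, a, "/"); if (a[1] == ip) print $2 }'
}

# On a real node (needs root): report which router namespace answers for $1.
find_floating_ip() {
    for ns in $(ip netns list | router_namespaces); do
        iface=$(ip netns exec "$ns" ip -o -4 addr show | address_iface "$1")
        if [ -n "$iface" ]; then echo "$ns $iface"; fi
    done
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_NETNS" | router_namespaces
printf '%s\n' "$SAMPLE_ADDRS" | address_iface 203.0.113.25
```

With the namespace and interface known, `ip netns exec <namespace> tcpdump -n -i <qg-interface> arp` shows the ARP replies described in the quoted explanation.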

-------------- next part --------------
A non-text attachment was scrubbed...
Name: image007.jpg
Type: image/jpeg
Size: 92060 bytes
Desc: image007.jpg
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160115/dfaf619b/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image008.jpg
Type: image/jpeg
Size: 95756 bytes
Desc: image008.jpg
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160115/dfaf619b/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image009.jpg
Type: image/jpeg
Size: 86161 bytes
Desc: image009.jpg
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160115/dfaf619b/attachment-0002.jpg>

