<p dir="ltr">Thank you, sir. I'll let you know how it goes.</p>
<p dir="ltr">Brandon</p>
<div class="gmail_quote">On Oct 13, 2014 6:37 PM, "Martinx - ジェームズ" <<a href="mailto:thiagocmartinsc@gmail.com">thiagocmartinsc@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Sure Brandon,<div><br></div><div>My files ml2_conf.init looks like this:</div><div><br></div><div>---</div><div><div>[ml2]</div><div>type_drivers = vlan</div><div>tenant_network_types = vlan<br></div><div>mechanism_drivers = openvswitch<br></div><div><br></div><div>[ml2_type_flat]</div><div><br></div><div>[ml2_type_vlan]</div><div>network_vlan_ranges = physnet1:2090:4094</div><div><br></div><div>[ml2_type_gre]</div><div><br></div><div>[ml2_type_vxlan]</div><div><br></div><div>[securitygroup]</div><div>enable_security_group = True</div><div>firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</div><div><br></div><div>[ovs]</div><div>enable_tunneling = False</div><div>tenant_network_type = vlan<br></div><div>integration_bridge = br-int</div><div>network_vlan_ranges = physnet1:2090:4094</div><div>bridge_mappings = physnet1:br-eth1</div></div><div>---</div><div><br></div><div>My Compute Nodes have two ethernets, eth0 in for "Node Internet Access at vlan200" / "Node Management at vlan210" and eth1 is where the "VLAN Provider Network" traffic flows on top of "br-eth1"...</div><div><br></div><div>Then I created each "net" as follows (1 for each tenant):</div><div><br></div><div>---</div><div>neutron net-create --tenant-id $TENANT1_ID --provider:physical_network=physnet1 --provider:network_type=vlan --provider:segmentation_id=2090 physnet1-vlan2090<br></div><div>neutron net-create --tenant-id $TENANT2_ID --provider:physical_network=physnet1 --provider:network_type=vlan --provider:segmentation_id=2091 physnet1-vlan2091<br></div><div>---</div><div><br></div><div>And after this, I connected via Horizon, to create the "subnets" (both IPv4-dhcp and IPv6-static).</div><div><br></div><div>Hope it helps!   :-)</div><div><br></div><div>Cheers!</div><div>Thiago</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 13 October 2014 19:17, Brandon Sawyers <span dir="ltr"><<a href="mailto:brandor5@gmail.com" target="_blank">brandor5@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">I would love to see your config for vlan provider networks. We're interested in using these but are running into trouble getting it set up correctly, even using the link you provided.</p>
<p dir="ltr">Thanks,<br>
Brandon</p><div><div>
<div class="gmail_quote">On Oct 13, 2014 2:40 PM, "Martinx - ジェームズ" <<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hey guys,<div><br></div><div>A few people asked me what kind of problems I reached when using GRE/VXLAN tunnels, well, here we go:</div><div><br></div><div>---</div><div><div>I faced lots of problems with Neutron L3 Router in the past, now, I'm using in production, the topology called "VLAN Provider Networks" (no GRE / VXLAN tunnels, only plain Flat tagged VLANs).</div><div><br></div><div>Like this:</div><div><br></div><div><a href="https://developer.rackspace.com/blog/neutron-networking-vlan-provider-networks/" target="_blank">https://developer.rackspace.com/blog/neutron-networking-vlan-provider-networks/</a></div><div><br></div><div>It is by far, much more stable, even when with OpenvSwitch. No more Neutron L3 Router... I'll start testing it again, with Juno (because of its native IPv6 support, seems pretty cool, BTW), looking to put it into prod again with K...</div><div><br></div><div>This way (Flat / VLAN provider), the Network Node runs only the dhcp and the metadata (iptables redirect to compute) services.</div><div><br></div><div>Also, there is no GRE / VXLAN tunnels, only plain tagged VLANs.</div><div><br></div><div>I have a guide to configure Flat Provider Network, which is very similar with VLANs (only that it have only 1 LAN, same topology with upstream router), take a look: <a href="https://github.com/tmartinx/openstack-guides/tree/master/IceHouse" target="_blank">https://github.com/tmartinx/openstack-guides/tree/master/IceHouse</a></div><div><br></div><div>-</div><div>Neutron L3 Router problems I faced (already fixed) - (there are more problems, like the one you're facing):</div><div><br></div><div>Directional network performance issues with Neutron + OpenvSwitch:<br></div><div><a href="https://bugs.launchpad.net/neutron/+bug/1252900" target="_blank">https://bugs.launchpad.net/neutron/+bug/1252900</a> - huge problem with a simple fix, by disabling gro with ethtool at your L3 Router</div><div><br></div><div>Attaching a IPv6 private subnet to a L3 Router, breaks it and its IPv4 Floating IPs:<br></div><div><a href="https://bugs.launchpad.net/neutron/+bug/1322945" target="_blank">https://bugs.launchpad.net/neutron/+bug/1322945</a></div><div>-</div></div><div><br></div><div>Another problem:</div><div><br></div><div>Neutron router and nf_conntrack performance problems:<br></div><div><a href="http://lists.openstack.org/pipermail/openstack-dev/2014-August/043269.html" target="_blank">http://lists.openstack.org/pipermail/openstack-dev/2014-August/043269.html</a></div><div>---</div><div><br></div><div>Not to mention that, when I first deployed OpenStack with Neutron L3 couple years ago, everything appeared to be working, Floating IPs, and ICMP connectivity but, when I tried to run "apt-get update" within a Instance. it did not worked... After digging a lot on the Interwebs, I figured out that I was seeing the infamous "MTU problem"... Lowering it to 1450 was the first workaround I touched with Neutron L3...</div><div><br></div><div>Also, during the life cycle of random instances, it sees too many network outages. Forcing me (the architect / operator) to shutdown the instances lots of times, run `neutron-ovs-cleanup` at the network and compute nodes, compute nodes reboots and then, "out-of-nothing", instance got connectivity again...</div><div><br></div><div>None of this problems exists on a plain VLAN topology.</div><div><br></div><div>And BTW, from my point of view, it seems very weird to deploy IPv6 connectivity to the instances, on top of IPv4 tunnels! That GRE / VXLAN... While I like the idea of "per-tenant routers with private networks", I also like the idea of stability and of the performance of plain (V)LANs. Q-in-Q seems a nice approach either.</div><div><br></div><div>-</div><div> Thiago</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 9 October 2014 23:17, Martinx - ジェームズ <span dir="ltr"><<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Just for the record, I gave up on Neutron L3 Router, powered by GRE/VXLAN tunnels. There are too many problems on this architecture.<div>I'm using Flat/VLAN Provider Networks right now (still with OpenvSwitch but, no problems), I'm looking for a new solution (with IPv6), I'll take a look at OpenContrail!</div><div><br></div><div>Thanks!<br></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On 9 October 2014 20:35, Rudrajit Tapadar <span dir="ltr"><<a href="mailto:rudrajit.tapadar+osgen@gmail.com" target="_blank">rudrajit.tapadar+osgen@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">At Symantec's Cloud Platform Engineering, we have deployed OpenStack+OpenContrail at a fairly large scale. I can't give you exact numbers, but you can get some data points from our SDN evaluation presentation in the Atlanta summit: <a href="https://www.openstack.org/summit/openstack-summit-atlanta-2014/session-videos/presentation/software-defined-networking-performance-and-architecture-evaluation" target="_blank">https://www.openstack.org/summit/openstack-summit-atlanta-2014/session-videos/presentation/software-defined-networking-performance-and-architecture-evaluation</a><div><div><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 29, 2014 at 4:14 PM, Raghu Vadapalli <span dir="ltr"><<a href="mailto:rvatspacket@gmail.com" target="_blank">rvatspacket@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000"><span>
    <br>
    <div>On 09/29/2014 01:52 PM, Tim Bell wrote:<br>
    </div>
    <blockquote type="cite">
      
      
      
      <div>
        <p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Are
            there any references for people running OpenContrail at
            scale ?<u></u><u></u></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
      </div>
    </blockquote></span>
    Though reference are good to have, in general, L3 networks are known
    to scale better than L2 networks. <br>
    Having said that, the complexity of two large frameworks  OpenStack
    + OpenContrail working together nicely in<br>
    deployment is not known to me. Any ideas ?<br>
    <br>
    <blockquote type="cite"><span>
      <div>
        <div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
          <div>
            <div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
              <p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"" lang="EN-US">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"" lang="EN-US"> NAPIERALA, MARIA H
                  [<a href="mailto:mn1921@att.com" target="_blank">mailto:mn1921@att.com</a>]
                  <br>
                  <b>Sent:</b> 29 September 2014 19:26<br>
                  <b>To:</b> <a href="mailto:dennisml@conversis.de" target="_blank">dennisml@conversis.de</a><br>
                  <b>Cc:</b> <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
                  <b>Subject:</b> Re: [Openstack] Rackspace abandons
                  Open vSwitch ?<u></u><u></u></span></p>
            </div>
          </div>
          <p class="MsoNormal"><u></u> <u></u></p>
          <p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">……<u></u><u></u></span></p>
          <div>
            <p class="MsoNormal"><span></span><span><u></u><u></u></span></p>
          </div>
          <div>
            <p class="MsoNormal"><span>> What are the alternatives though? As far
                as I know the regular linux<u></u><u></u></span></p>
          </div>
          <div>
            <p class="MsoNormal"><span>> bridge lacks most of the features of OVS
                and these are the only to<u></u><u></u></span></p>
          </div>
          <div>
            <p class="MsoNormal"><span>> options I've played with so far. Is the
                a third alternative out there<u></u><u></u></span></p>
          </div>
          <div>
            <p class="MsoNormal"><span>> that they've switched to?<u></u><u></u></span></p>
          </div>
          <div>
            <p class="MsoNormal"><span> <u></u><u></u></span></p>
          </div>
          <div>
            <p class="MsoNormal"><span>One alternative is OpenContrail vRouter as
                ML3 plugin. It meets the scale and feature requirements.<u></u><u></u></span></p>
          </div>
          <div>
            <p class="MsoNormal"><span> <u></u><u></u></span></p>
          </div>
          <div>
            <p class="MsoNormal"><span>Maria<u></u><u></u></span></p>
          </div>
          <div>
            <p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><span><u></u><u></u></span></p>
          </div>
          <div>
            <p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><span><u></u><u></u></span></p>
          </div>
        </div>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      </span><span><pre>_______________________________________________
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to     : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
    </span></blockquote>
    <br>
  </div>

<br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to     : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div></div></div></div>
<br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to     : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
<br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to     : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div>
</div></div></blockquote></div><br></div>
</blockquote></div>