<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jul 10, 2015 at 9:51 AM, Leslie-Alexandre DENIS <span dir="ltr"><<a href="mailto:contact@ladenis.fr" target="_blank">contact@ladenis.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<br>
<br>
<div>Le 08/07/2015 18:35, Gustavo Randich a
écrit :<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>Hi,<br>
<br>
We are trying to figure out how to transition from a
network model using nova-network and a single VLAN to a
model using Neutron and multiple VXLAN tunnels.<br>
<br>
</div>
<div>The main issue is not how to configure and setup the
tunnels, but how to expose the new virtual machines born
inside the tunnels to our "legacy", non-VXLAN,
non-Openstack networks, i.e. DNS serrvers, databases,
hardware load balancers, monitoring/metrics servers, etc.<br></div></div></div></div></blockquote></div></blockquote><div>There are a few options. You could have a secondary interface on your VMs that tie to a VLAN which would be L2 from the compute node to your service infrastructure. That will mean extra interfaces and bridges on your compute nodes.</div><div><br></div><div>Another interesting option (and one I am currently working on implementing) is to extend your neutron VXLANs to your physical network using the new hierarchical port binding features. This is fairly new goo and requires that you be running Kilo. There was a presentation utilizing Cumulus Linux switches in Vancouver, and that's what I'm running. You can watch it here:</div><div><br></div><div><a href="https://www.openstack.org/summit/vancouver-2015/summit-videos/presentation/neutron-hierarchical-port-binding-what-is-it-and-why-you-should-deploy-it">https://www.openstack.org/summit/vancouver-2015/summit-videos/presentation/neutron-hierarchical-port-binding-what-is-it-and-why-you-should-deploy-it</a><br></div><div><br></div><div><span style="font-size:12.8000001907349px">There are probably other fancy ways of doing similar things with other switches. They just have to be able to act as VTEPs. You also may be able to run a VTEP on each compute node, but that could potentially cause unwanted overhead.</span></div><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px">You can, of course, also simply add an interface to your tenant routers into your service infrastructure network and inject a route for any networks that you need to go that way. With DVR and L3-HA, the single point of failure is not nearly the issue it once was.</span></div><div><span style="font-size:12.8000001907349px"><br></span></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><blockquote type="cite"><div dir="ltr"><div><div><div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
What I understand from Neutron use of VXLAN/GRE, is that it's only
for encapsulating L2 traffic into L3 from tenant/project to
networking node(s). It permits to bypass the L2 configuration (i.e.
switches) that exists between your servers.<br>
<br>
See:
<a href="http://docs.openstack.org/networking-guide/_images/scenario-legacy-ovs-flowns1.png" target="_blank">http://docs.openstack.org/networking-guide/_images/scenario-legacy-ovs-flowns1.png</a><br>
<br>
The decision to route the packet is made by the qrouter/L3 agent on
the networking node(s). <br>
Eventually you can create a L2 only network inside Neutron and
assign a gateway that is a physical device outside your servers.<br>
<br>
See:
<a href="http://docs.openstack.org/networking-guide/deploy_scenario4a.html" target="_blank">http://docs.openstack.org/networking-guide/deploy_scenario4a.html</a><br>
<br>
I'm also currently on the task to migrate a full nova-network VLAN
network to a Neutron VLAN topology for fixed IPs and VXLAN/GRE
topology for floating IPs.<br>
<br>
Hope Neutron specialists are around :)<br>
<br>
See you,<br>
<br>
</div>
<br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div><div class="gmail_extra">-Erik</div></div>