<div dir="ltr">><span style="font-size:12.8px">These three sentences put together means that I should remove both </span><span style="font-size:12.8px">ethernet interfaces from my two bridge interfaces!</span><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">No, just remove the interfaces from whichever one is your integration bridge. There can be interfaces in the other OVS bridges that you put in bridge_mappings. So as I understand it, you intend 'br-physical' to be the equivalent of 'br-ex' in the example scenario, in which case its fine to have an interface in it and you should have a bridge_mapping entry for it in the L2 agent.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">></span><span style="font-size:12.8px">In my case, that's "br-physical" and "eth0". Which I have done.</span></div><span style="font-size:12.8px">>In my setup, "br-provider" is the integration bridge..</span><br style="font-size:12.8px"><div><span style="font-size:12.8px"><br></span></div><div>So br-physical should have a real interface in it and br-provider should not have any.</div><div><br></div><div>><span style="font-size:12.8px">Well, I'm not sure. In EVERY image, howto and example I've seen, including</span></div><span style="font-size:12.8px">>the one your linked to yesterday, there's always two networks: The administration</span><br style="font-size:12.8px"><span style="font-size:12.8px">>network and the (isolated) "where VMs reside" network..</span><div><br></div><div>Neutron supports an arbitrary number of networks so it depends on what you want. Each Neutron network corresponds to a particular unique (physnet + encapsulation) or an overlay encapsulation (e.g. VXLAN VNI).</div><div><br></div><div>Let's assume you just want two networks to start. Your external network is using the br-physical bridge with flat segmentation (a.k.a. untagged). So your VM network needs to either have another bridge with a different interface or it needs to use another encapsulation (e.g. VLAN or VXLAN) to keep the traffic between the two isolated.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 29, 2016 at 4:18 AM, Turbo Fredriksson <span dir="ltr"><<a href="mailto:turbo@bayour.com" target="_blank">turbo@bayour.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Jun 29, 2016, at 12:28 AM, Kevin Benton wrote:<br>
<br>
> you will also need to change that in the<br>
> nova compute config with the 'linuxnet_ovs_integration_bridge' setting<br>
<br>
</span>Ah, perfect! Thanx.<br>
<span class=""><br>
> Whatever your integration bridge is, it should *not* have any physical<br>
> interfaces plugged into it directly.<br>
<br>
</span>Oh. Oh?<br>
<span class=""><br>
> (In your original ovs-vsctl output it shows that eth0 is a member of<br>
> 'br-provider' and eth1 is a member of 'br-physical'.<br>
<br>
> So you need to remove eth1 from that if 'br-provider' is the<br>
> integration bridge.)<br>
<br>
</span>These three sentences put together means that I should remove both<br>
ethernet interfaces from my two bridge interfaces!<br>
<br>
And that isn't what the pages on <a href="http://os.org" rel="noreferrer" target="_blank">os.org</a> say:<br>
<br>
<a href="http://docs.openstack.org/admin-guide/networking_config-agents.html" rel="noreferrer" target="_blank">http://docs.openstack.org/admin-guide/networking_config-agents.html</a><br>
<br>
To uplink the node that runs neutron-l3-agent to the external<br>
network, create a bridge named br-ex and attach the NIC for the<br>
external network to this bridge.<br>
<br>
For example, with Open vSwitch and NIC eth1 connected to the<br>
external network, run:<br>
<br>
# ovs-vsctl add-br br-ex<br>
# ovs-vsctl add-port br-ex eth1<br>
<br>
In my case, that's "br-physical" and "eth0". Which I have done.<br>
<br>
In my setup, "br-provider" is the integration bridge..<br>
<span class=""><br>
> In your topology, did you want two networks to map to two separate real<br>
> networks on different interfaces? If so, create two physnets for them, each<br>
> with their own bridge_mapping.<br>
<br>
</span>Well, I'm not sure. In EVERY image, howto and example I've seen, including<br>
the one your linked to yesterday, there's always two networks: The administration<br>
network and the (isolated) "where VMs reside" network..<br>
<br>
In my case, eth1/br-physical and eth0/br-provider respectively.<br>
<br>
Eth0 does not have an uplink anywhere, and is only switched between the<br>
host, traffic can't go any where else.<br>
<br>
<br>
So in my understanding, traffic should go like this:<br>
<br>
VM/eth0 -> Compute/eth1 -> Control/eth1 -> Control/eth0 -> Site FW/GW<br>
<br>
Or, I guess, it could go out via eth0 on the Compute node directly. But<br>
eventually, one day, perhaps, I'll break out Neutron to it's own, separate<br>
physical machine, so I'd like to work that possibility into the design<br>
right now. Which I thought I did :)<br>
<span class=""><br>
> Also, in your l3_agent.ini, you should leave the 'external_network_bridge'<br>
> option explicitly set to a blank value. That will let the L2 agent do all<br>
> of the wiring and will result in the correct operational status for your<br>
> router gateway ports.<br>
<br>
</span>Ok, thanx.<br>
<span class=""><br>
> That chart came from:<br>
> <a href="http://docs.openstack.org/mitaka/networking-guide/scenario-classic-ovs.html" rel="noreferrer" target="_blank">http://docs.openstack.org/mitaka/networking-guide/scenario-classic-ovs.html</a><br>
<br>
</span>That doesn't talk about creating any bridges either.<br>
<span class="HOEnZb"><font color="#888888">--<br>
Ehhhhm - The battle cry of the cronical masturbater.<br>
- Charlie Harper<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
</div></div></blockquote></div><br></div>