Hi Ryan, and all of the Neutron team,
Today, I'm happy to let you know that I've been able to finish the patch and that it's merged:
https://review.opendev.org/c/openstack/neutron/+/669395
I also managed to add some docs to Neutron about it:
https://docs.openstack.org/neutron/latest/admin/config-bgp-floating-ip-over-...
We've used it in a pre-production environment, and it just works as expected; it's kind of great.
However, there are some feature gaps that would need to be addressed. Namely:
- external gateways of routers aren't advertized
- we can't do direct attach of public IPs to VMs
- I failed adding IPv6 dual stack to this setup
Let me go into more details for each of these 3 points.
1/ No BGP advertizing for the router default gateways
When doing:
openstack router set --external-gateway <provider-net> <router>
we then get this type of port:
# openstack port show <UUID> -c binding_vif_details -c binding_vif_type
+---------------------+-------------------------------------------------------------------------------------------------------------+
| Field               | Value                                                                                                       |
+---------------------+-------------------------------------------------------------------------------------------------------------+
| binding_vif_details | bridge_name='br-int', connectivity='l2', datapath_type='system', ovs_hybrid_plug='True', port_filter='True' |
| binding_vif_type    | ovs                                                                                                         |
+---------------------+-------------------------------------------------------------------------------------------------------------+
which doesn't match the type of port we have for floating IPs:
# openstack port show <UUID> -c binding_vif_details -c binding_vif_type
+---------------------+---------+
| Field               | Value   |
+---------------------+---------+
| binding_vif_details |         |
| binding_vif_type    | unbound |
+---------------------+---------+
and then, the next HOP for the router gateway isn't advertized over BGP.
Do you know how we could get neutron-dynamic-routing to do that advertizing, with the next HOP on the network node(s)? Where should that code be patched? Inside Neutron, or in neutron-dynamic-routing? Is this really related to the port type as I've shown above?
2/ No direct attach to VM ports
We can't attach a port with an IP network:routed directly to a VM. I tried to add the subnet type "compute:nova" to the floating IP subnet, but that didn't do it: Neutron refuses to attach the port to a VM.
Do you know why? How and what and where should we patch Neutron to fix this?
3/ IPv6 dual stack
I tried to set up a dual-stack network, and failed. How should this be done? Should we add v6 subnets to segments and one subnet with the type --service-type 'network:router_gateway' as well? This is what I tried but it didn't work for me. Should tenants create their own v6 subnet out of the v6 subnet pool I provisioned as admin?
Cheers,
Thomas Goirand (zigo)
P.S: Please keep my Infomaniak colleagues as Cc.