Hi,
That is an example only, if you don't need provider network, you would like to use only overlay networks like geneve, you can use only the suggested 2 interfaces, one for management and one for traffic.

Lajos Katona (lajoskatona)

박경원 <park0kyung0won@dgist.ac.kr> ezt írta (időpont: 2022. ápr. 8., P, 7:07):

Hello everyone

I'm trying to setup openstack cluster with openvswitch, following the guide in link below

https://docs.openstack.org/neutron/yoga/admin/deploy-ovs-selfservice.html


Diagram in the link above states that compute nodes should have three interfaces(management, overlay and provider)

My question is, do I really need separated management network and overlay network? (I only have two switches)

It seems like overlay traffic between VMs in virtual network are encapsulated with GENEVE, will not escape to management network.

Is there any possible security risk of using the same network for both overlay and management? (not performance concerns but security)


Thank you in advance!