Hi Slavek,
thank you for the reply.
...
> At the step 1.7. we can see FIPs are not accessible after L3 agent re-configuration. Revert of the L3 agent configuration into `dvr` mode helps to get back the FIP connectivity.
You don't have connectivity because you set the agent into the mode where it doesn't have external connectivity. That's why it doesn't work for you :)
This is correct, but I thought FIP traffic should be routed via
network node then (when switched to dvr_no_external), isn't that
correct?
>
> Our questions are:
>
> 1. Principally, can we get rid of `hypervisor network:floatingip_agent_gateway` ports by switching L3 agent to dvr_no_external mode? Can you think of a better way?
Using ML2/ovs with DVR requires using one such IP address per compute node per external network. You can't avoid that. You can configure some 'special' subnet in the network to use IPs from that subnet for that purpose. See https://docs.openstack.org/neutron/latest/admin/config-service-subnets.html
You can also e.g. migrate to the ML2/OVN backend, which doesn't have this limitation.
Thank you for your guidance here. I was looking into service
subnets already.
In my case I have single ostack network entity with two subnets as
described below [10].
There are two physical external provider /24 networks on same VLAN
id (same ostack segment).
To move `hypervisor network:floatingip_agent_gateway` ports from
two physical external provider /24 networks I believe:
* I cannot use an internal ostack vxlan network, it has to be the same
segment, i.e. a provider network vlan on the same VLAN id. Is that
correct?
* This service subnet can have internal addresses, for instance
10.0.0.0/16. Correct?
* This service subnet has to be externally routed and NATed so
traffic can get to the internet and back. Correct?
* How many addresses would I need? I assume the max. number of ostack
compute nodes, correct?
Now let's assume I have another couple of external networks which are smaller, like IPv4 /25 or /26; each of those has a separate network with a single subnet. Do I also need to create specific service subnets for those?
Thanks for your response in advance.
Kind Regards,
František
[freznicek@lenovo-t14 dvr_to_dvr_no_external-20240913_175901 0]$ openstack network show external-ipv4-general-public
+---------------------------+----------------------------------------------------------------------------+
| Field                     | Value                                                                      |
+---------------------------+----------------------------------------------------------------------------+
| admin_state_up            | UP                                                                         |
| availability_zone_hints   | nova                                                                       |
| availability_zones        | nova                                                                       |
| dns_domain                | None                                                                       |
| id                        | 95e346fd-a52f-4498-84aa-23f2da323429                                       |
| is_default                | False                                                                      |
| is_vlan_transparent       | None                                                                       |
| l2_adjacency              | True                                                                       |
| mtu                       | 9000                                                                       |
| name                      | external-ipv4-general-public                                               |
| port_security_enabled     | True                                                                       |
| project_id                | 2139f9e4d92e4a2ba77b781e01d6d3b0                                           |
| provider:network_type     | vlan                                                                       |
| provider:physical_network | provider                                                                   |
| provider:segmentation_id  | 716                                                                        |
| qos_policy_id             | None                                                                       |
| revision_number           | 36                                                                         |
| router:external           | External                                                                   |
| segments                  | None                                                                       |
| shared                    | False                                                                      |
| status                    | ACTIVE                                                                     |
| subnets                   | 51299ee0-ac11-49a9-b773-dde916e20a5f, bcd6cc41-1238-4925-b597-aa6c1929685b |
| tags                      |                                                                            |
| tenant_id                 | 2139f9e4d92e4a2ba77b781e01d6d3b0                                           |
+---------------------------+----------------------------------------------------------------------------+
[freznicek@lenovo-t14 dvr_to_dvr_no_external-20240913_175901 2]$ openstack subnet show 51299ee0-ac11-49a9-b773-dde916e20a5f
+----------------------+--------------------------------------------+
| Field                | Value                                      |
+----------------------+--------------------------------------------+
| allocation_pools     | 147.251.245.3-147.251.245.254              |
| cidr                 | 147.251.245.0/24                           |
| dns_nameservers      | ..., 8.8.8.8                               |
| dns_publish_fixed_ip | None                                       |
| enable_dhcp          | False                                      |
| gateway_ip           | 147.251.245.1                              |
| host_routes          |                                            |
| id                   | 51299ee0-ac11-49a9-b773-dde916e20a5f       |
| ip_version           | 4                                          |
| name                 | external-ipv4-general-public-147-251-245-0 |
| network_id           | 95e346fd-a52f-4498-84aa-23f2da323429       |
| project_id           | 2139f9e4d92e4a2ba77b781e01d6d3b0           |
| revision_number      | 0                                          |
| segment_id           | None                                       |
| service_types        |                                            |
| subnetpool_id        | None                                       |
+----------------------+--------------------------------------------+
[freznicek@lenovo-t14 dvr_to_dvr_no_external-20240913_175901 0]$ openstack subnet show bcd6cc41-1238-4925-b597-aa6c1929685b
+----------------------+--------------------------------------------+
| Field                | Value                                      |
+----------------------+--------------------------------------------+
| allocation_pools     | 147.251.255.2-147.251.255.254              |
| cidr                 | 147.251.255.0/24                           |
| description          |                                            |
| dns_nameservers      | ..., 8.8.8.8                               |
| dns_publish_fixed_ip | None                                       |
| enable_dhcp          | False                                      |
| gateway_ip           | 147.251.255.1                              |
| host_routes          |                                            |
| id                   | bcd6cc41-1238-4925-b597-aa6c1929685b       |
| ip_version           | 4                                          |
| ipv6_address_mode    | None                                       |
| ipv6_ra_mode         | None                                       |
| name                 | external-ipv4-general-public-147-251-255-0 |
| network_id           | 95e346fd-a52f-4498-84aa-23f2da323429       |
| project_id           | 2139f9e4d92e4a2ba77b781e01d6d3b0           |
| revision_number      | 4                                          |
| segment_id           | None                                       |
| service_types        |                                            |
| subnetpool_id        | None                                       |
+----------------------+--------------------------------------------+