Two subnets under same network context.
Hi,
I have observed that one can create two subnets under the same network scope. See below an example of the use case.
[image: Screen Shot 2020-08-01 at 2.22.15 PM.png]
Upon checking the data structures, I saw that the segment type (vlan) and segment id (55) are associated with the "network" object and not with the "subnet" (I was under the impression that the segment type (vlan) and segment id (55) would be allocated to the "subnet").
When I create the VM instances, they always pick the IP address from the SUBNET1-2 IP range. If the segment (vlan 55) is associated with "network" then what is the reason two "subnets" are allowed under it?
Does it mean that VM instances from both these subnets would be configured under the same VLAN?
/anil.
Hello,
Network object is an isolation layer, it's defined by the cloud administrator: isolation type (VLAN, VXLAN...), physical NIC...
The subnet is a free value to cloud users, this mechanism allows multiple users to use the same L3 networks (overlapping). So the network is used by admin to isolate the client and subnet is used by client to "isolate" his instances (webfront / db ...). Isolation works only on layer 3 because all subnets will use the same layer 2 (defined by admin). It's very easy to verify: boot one instance on each subnet then capture the traffic: you will see ARP frames.
I don't know why Neutron drains all IPs from the last network but anyway the best practice is to create the port then allocate it to the instance.
Does it mean that VM instances from both these subnets would be configured under the same VLAN? > yes
Best regards,
Romain
________________________________
From: Anil Jangam <anilj.mailing@gmail.com>
Sent: Saturday, August 1, 2020 11:36 PM
To: openstack-discuss
Subject: Two subnets under same network context.
Hi,
I have observed that one can create two subnets under the same network scope. See below an example of the use case.
[Screen Shot 2020-08-01 at 2.22.15 PM.png]
Upon checking the data structures, I saw that the segment type (vlan) and segment id (55) are associated with the "network" object and not with the "subnet" (I was under the impression that the segment type (vlan) and segment id (55) would be allocated to the "subnet").
When I create the VM instances, they always pick the IP address from the SUBNET1-2 IP range. If the segment (vlan 55) is associated with "network" then what is the reason two "subnets" are allowed under it?
Does it mean that VM instances from both these subnets would be configured under the same VLAN?
/anil.
On 8/2/20 12:27 PM, CHANU ROMAIN wrote:
Hello,
Network object is an isolation layer, it's defined by the cloud administrator: isolation type (VLAN, VXLAN...), physical NIC... The subnet is a free value to cloud users, this mechanism allows multiple users to use the same L3 networks (overlapping). So the network is used by admin to isolate the client and subnet is used by client to "isolate" his instances (webfront / db ...).
No, this isn't the way it works.
Thomas
Hi,
This is "normal". You can have many subnets (both IPv4 and IPv6 in the one network). By default Neutron will associate to the port an IP address only from one subnet of one type (IPv4/IPv6) but you can change it and tell Neutron to allocate for the port IP addresses from more than one subnet. If you have both IPv4 and IPv6 subnets in the network, Neutron will by default allocate one IPv4 and one IPv6 to each port. But again, you can manually tell Neutron to use e.g. only an IPv6 address for a specific port.
Please check [1] and [2] for more details.
[1] https://docs.openstack.org/neutron/latest/admin/intro-os-networking.html
[2] https://docs.openstack.org/api-ref/network/v2/
On 01.08.2020 at 23:36, Anil Jangam wrote:
Hi,
I have observed that one can create two subnets under the same network scope. See below an example of the use case.
[image: Screen Shot 2020-08-01 at 2.22.15 PM.png]
Upon checking the data structures, I saw that the segment type (vlan) and segment id (55) are associated with the "network" object and not with the "subnet" (I was under the impression that the segment type (vlan) and segment id (55) would be allocated to the "subnet").
When I create the VM instances, they always pick the IP address from the SUBNET1-2 IP range. If the segment (vlan 55) is associated with "network" then what is the reason two "subnets" are allowed under it?
Does it mean that VM instances from both these subnets would be configured under the same VLAN?
/anil.
--
Slawek Kaplonski
Principal software engineer
Red Hat
On 8/1/20 11:36 PM, Anil Jangam wrote:
Hi,
I have observed that one can create two subnets under the same network scope. See below an example of the use case.
[image: Screen Shot 2020-08-01 at 2.22.15 PM.png]
Upon checking the data structures, I saw that the segment type (vlan) and segment id (55) are associated with the "network" object and not with the "subnet" (I was under the impression that the segment type (vlan) and segment id (55) would be allocated to the "subnet").
When I create the VM instances, they always pick the IP address from the SUBNET1-2 IP range. If the segment (vlan 55) is associated with "network" then what is the reason two "subnets" are allowed under it?
Does it mean that VM instances from both these subnets would be configured under the same VLAN?
/anil.
Hi,
If you want to use segments, with a different address range depending on where a compute is physically located (for example, a rack...), then you should first set a different name for the physical network of your nodes. This is done by tweaking these:

[ml2_type_flat]
flat_networks = rack-number-1

[ml2_type_vlan]
network_vlan_ranges = rack-number-1

Then you can:
1/ create a network scope
2/ create a network using that scope, a vlan and "--provider-physical-network rack-number-1" and --provider-segment
3/ create a subnet pool using the network scope created above
4/ create a subnet attached to the subnet pool and network segment
Then you can create more network segment + subnet couples addressing different locations.
Once you're done, VMs will get a different range depending on the rack they are in.
Cheers,
Thomas Goirand (zigo)
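
Added example, not part of any message in this thread and not OpenStack code: a check that groups subnets by the layer-2 domain they actually sit on, covering both the plain case from the question (two subnets on one VLAN network) and the segment-bound subnets from the steps above. The records are constructed samples that use the Networking API v2 field names `network_id`, `segment_id`, `cidr` and `physical_network`; all ids, CIDRs, `SUBNET1-1` and `rack-number-2` are hypothetical.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample records using Networking API v2 field names; every value
# is made up ("rack-number-2", the ids and the CIDRs are hypothetical).
SEGMENTS = [
    {"id": "seg-a", "network_id": "net-routed", "physical_network": "rack-number-1"},
    {"id": "seg-b", "network_id": "net-routed", "physical_network": "rack-number-2"},
]
SUBNETS = [
    {"name": "SUBNET1-1", "network_id": "net-vlan55", "cidr": "10.1.1.0/24", "segment_id": None},
    {"name": "SUBNET1-2", "network_id": "net-vlan55", "cidr": "10.1.2.0/24", "segment_id": None},
    {"name": "rack1-v4", "network_id": "net-routed", "cidr": "10.2.1.0/24", "segment_id": "seg-a"},
    {"name": "rack1-v6", "network_id": "net-routed", "cidr": "2001:db8:1::/64", "segment_id": "seg-a"},
    {"name": "rack2-v4", "network_id": "net-routed", "cidr": "10.2.2.0/24", "segment_id": "seg-b"},
]


def l2_domains(subnets, segments):
    """Map each layer-2 domain to the subnets attached to it."""
    known = {seg["id"] for seg in segments}
    domains = defaultdict(list)
    for sn in subnets:
        seg_id = sn.get("segment_id")
        if seg_id is None:
            # Unbound subnet: it rides on the network's own segment.
            key = ("network", sn["network_id"])
        elif seg_id in known:
            # Bound subnet: the segment is its own layer-2 domain.
            key = ("segment", seg_id)
        else:
            raise ValueError(f"{sn['name']}: unknown segment {seg_id!r}")
        domains[key].append(sn)
    return dict(domains)


def shared_l2(subnets, segments):
    """List domains where two or more subnets of one IP family share layer 2."""
    findings = []
    for key, members in l2_domains(subnets, segments).items():
        families = defaultdict(list)
        for sn in members:
            families[ip_network(sn["cidr"]).version].append(sn["name"])
        # One IPv4 plus one IPv6 subnet is ordinary dual stack, so not reported.
        findings += [(key, v, sorted(n)) for v, n in families.items() if len(n) > 1]
    return sorted(findings)


if __name__ == "__main__":
    for finding in shared_l2(SUBNETS, SEGMENTS):
        print(finding)
```

On the sample data only the two IPv4 subnets of `net-vlan55` are reported; the segment-bound subnets each land in their own domain.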
participants (4)
- Anil Jangam
- CHANU ROMAIN
- Slawek Kaplonski
- Thomas Goirand