[neutron] OpenStack Port Creation process
Hi,
I want to understand the Port Creation process in OpenStack.
1. What happens in the background when we create a Port with Security Groups? Does it create the port in the Control Plane level or is neutron involved in this?
2. How does the port obtain the IP address from DHCP and Who initiates this DHCP Process?
3. Is there any docs/links available for the same?
Thanks, Dhana
Hi,
On Monday, 16 May 2022 21:08:21 CEST Dhanasekar Kandasamy wrote:
Hi,
I want to understand the Port Creation process in OpenStack.
1. What happens in the background when we create a Port with Security Groups? Does it create the port in the Control Plane level or is neutron involved in this?
When you call the Neutron API, e.g. with a CLI command like: openstack port create <network_id>, Neutron creates a port in the given network. It is just an entry in the Neutron DB, nothing else. Neutron then tries to allocate an IP address for the port from one of the subnets existing in that network (or from 2 subnets if there are IPv4 and IPv6 subnets available). When the port is later used by e.g. Nova for some VM, Nova asks Neutron to update the port and to bind it on a specific host. Neutron then tries to bind the port with one of the available mechanism drivers. When the port is bound, Nova (os-vif) plugs the port on the host (L1 provisioning) and then the Neutron agent, or ovn-controller in the case of the ML2/OVN backend, provisions the port on the host.
2. How does the port obtain the IP address from DHCP and Who initiates this DHCP Process?
It depends on the backend used. In the case of ML2/OVN, it's OVN that provides the DHCP service, so DHCP entries are configured in OVN and OVN locally replies to the DHCP requests from the VM. In the case of ML2/OVS (or Linuxbridge), there is a DHCP agent which spawns and configures dnsmasq for each network. When you create a port in Neutron and it allocates an IP address, then a new lease is added in the leases file so that dnsmasq knows what IP address should be given for a specific MAC address.
3. Is there any docs/links available for the same?
I'm not sure if there is something exactly like your questions, but you can find a lot of information in the docs: https://docs.openstack.org/neutron/latest/contributor/index.html#neutron-int...
Thanks, Dhana
-- Slawek Kaplonski Principal Software Engineer Red Hat
On Tue, 2022-05-17 at 00:38 +0530, Dhanasekar Kandasamy wrote:
Hi,
I want to understand the Port Creation process in OpenStack.
1. What happens in the background when we create a Port with Security Groups? Does it create the port in the Control Plane level or is neutron involved in this?
it depends on what you mean by control plane.
when you create a port at the neutron api then basically it just creates a db record. an ip address will be assigned if the ip policy is not deferred. for routed networks, since the ip of the port depends on the host/segment it is bound to, the ip is not assigned until the port is bound. for a normal port the ip is assigned at port creation but not configured in the dhcp agent until the point it is attached to a vm.
2. How does the port obtain the IP address from DHCP and Who initiates this DHCP Process?
when a vm or ironic server is allocated a port, either via the server create command or a port attach, nova/ironic will start a process called port-binding. in the case of a new vm boot, after the scheduler has selected a host nova will call neutron to set the binding:host-id field with the hostname of the selected host. this will trigger port binding in neutron, which will result in the dhcp agent, or the dhcp plugin driver if you are using odl/ovn etc., actually configuring dhcp for the port. in the case of the agent, the dhcp agent will configure the mac/ip pair in the dnsmasq config. once port binding is complete in the boot workflow, nova will use that port information to create the vm and attach the interfaces to the network backend's dataplane.
when the instance boots it will run its first boot configuration, i.e. cloud-init, which will configure the OS in the guest for dhcp or otherwise, depending on whether you overrode the default behavior with user data. assuming you did not, cloud-init would typically configure the instance for dhcp and the instance will use a dhcp client to send a dhcp request. with ml2/ovs that dhcp request will be a broadcast packet that will propagate and then eventually reach the dhcp server, which will respond. for ml2/ovn the dhcp request will be matched by openflow rules and the local dhcp responder built in to ovn will respond.
3. Is there any docs/links available for the same?
i'm not sure. i think there are some high level docs, but this partly depends on your network backend.
Thanks, Dhana
participants (3)
- Dhanasekar Kandasamy
- Sean Mooney
- Slawek Kaplonski