Migration from linuxbridge to ovs
Hello,
Can You share some thoughts/ideas or some clues regarding migration from linux bridge to ovs ? Does this migration is posible without interrupting traffic from VMs ?
We have now linuxbridge with l3-ha, and we noticed that for example when doing live migration of VM from linuxbridge baked compute to openvswitch compute is created bridge... inside openvswitch, instead adding qvo device to br-int:
Bridge brq91dc40ac-ea datapath_type: system Port qvo84e2bd98-e9 Interface qvo84e2bd98-e9 Port brq91dc40ac-ea Interface brq91dc40ac-ea type: internal
After removing the brq91dc40ac-ea from ovs, and hard reboot, the qvo interface is added properly to br-int:
Bridge br-int Controller "tcp:127.0.0.1:6633" is_connected: true fail_mode: secure datapath_type: system Port qvo84e2bd98-e9 tag: 1 Interface qvo84e2bd98-e9
Also, before hard reboot, there is no flow for br-int or any other openvswitch bridge regarding this VM/ip.
Does anyone have same problems ? Have tried to migrate from lb to ovs ?
Openstack version: ussuri OS: ubuntu 20
Regards Lukasz
Hi Lukasz:
This is happening because you are using the "iptables_hybrid" firewall driver in the OVS agent. That creates a namespace where a set of iptables is defined (firewall rules) and a linux bridge, that is connected to OVS using a veth pair [1]. If you need the native plug implementation, then use the native firewall (or don't use any). That will create a TAP port directly connected to the integration bridge.
Regards.
[1]https://www.rdoproject.org/networking/networking-in-too-much-detail/
On Thu, Mar 30, 2023 at 12:11 PM Luk skidoo@tlen.pl wrote:
Hello,
Can You share some thoughts/ideas or some clues regarding migration from linux bridge to ovs ? Does this migration is posible without interrupting traffic from VMs ?
We have now linuxbridge with l3-ha, and we noticed that for example when doing live migration of VM from linuxbridge baked compute to openvswitch compute is created bridge... inside openvswitch, instead adding qvo device to br-int:
Bridge brq91dc40ac-ea datapath_type: system Port qvo84e2bd98-e9 Interface qvo84e2bd98-e9 Port brq91dc40ac-ea Interface brq91dc40ac-ea type: internalAfter removing the brq91dc40ac-ea from ovs, and hard reboot, the qvo interface is added properly to br-int:
Bridge br-int Controller "tcp:127.0.0.1:6633" is_connected: true fail_mode: secure datapath_type: system Port qvo84e2bd98-e9 tag: 1 Interface qvo84e2bd98-e9
Also, before hard reboot, there is no flow for br-int or any other openvswitch bridge regarding this VM/ip.
Does anyone have same problems ? Have tried to migrate from lb to ovs ?
Openstack version: ussuri OS: ubuntu 20
Regards Lukasz
On 30/03/2023 12:10, Luk wrote:
Can You share some thoughts/ideas or some clues regarding migration from linux bridge to ovs ? Does this migration is posible without interrupting traffic from VMs ?
I asked a similar questions back in August - https://lists.openstack.org/pipermail/openstack-discuss/2022-August/030070.h..., maybe there are some insights there.
We did not replace the SDN in place, but as actively looking into setting up a new cloud. Not that we do not believe in the idea of being able to replace the SDN, but we intend to change much much more and migrating through many big changes is too inefficient compared to replacing the cloud with a new one.
Regards
Christian
Cześć,
On 30/03/2023 12:10, Luk wrote:
Can You share some thoughts/ideas or some clues regarding migration from linux bridge to ovs ? Does this migration is posible without interrupting traffic from VMs ?
I asked a similar questions back in August - https://lists.openstack.org/pipermail/openstack-discuss/2022-August/030070.h..., maybe there are some insights there.
Thank You, this thread is quite good in this case :)
We did not replace the SDN in place, but as actively looking into setting up a new cloud. Not that we do not believe in the idea of being able to replace the SDN, but we intend to change much much more and migrating through many big changes is too inefficient compared to replacing the cloud with a new one.
It looks the best way...
Anyway - there is chance to make live migration between lb and openvswitch, but need to add flows by hand and add proper tag into br-int - and this 'solution' works only for external/provider network. As Sławek pointed out - in case of vxlan connection there is no opportunity to connect neturon ovs controller with linuxbridge compute nodes.
participants (3)
-
Christian Rohmann
-
Luk
-
Rodolfo Alonso Hernandez