[openstack-dev] [neutron] ML2 vlan type driver does not honor network_vlan_ranges

Xuhan Peng pengxuhan at gmail.com
Mon Jan 20 08:49:15 UTC 2014 

In my opinion the provider network extension can also be used for mapping
the tenant network directly to the physical network. For example, as shown
in the official admin guide openvswitch scenario1 [1], we can configure
tenant network to use segmentation id 101 to connect to VLAN 101 of
physical switch.

$ neutron net-create --tenant-id $tenant net01 \
          --provider:network_type vlan \
          --provider:physical_network physnet2 \
          --provider:segmentation_id 101

For this kind of use case, I think it makes sense to enforce the
segmentation id in the range of network_vlan_range in ml2_conf.ini

[1]
http://docs.openstack.org/admin-guide-cloud/content/ch_networking.html#under_the_hood_openvswitch_scenario1




On Fri, Jan 17, 2014 at 5:31 AM, Henry Gessau <gessau at cisco.com> wrote:

> network_vlan_ranges is a 'pool' of vlans from which to pick a vlans for
> tenant networks. Provider networks are not confined to this pool. In fact,
> I
> believe it is a more common use-case that provider vlans are outside the
> pool so that they do not conflict with tenant vlan allocation.
>
> -- Henry
>
> On Thu, Jan 16, at 3:45 pm, Paul Ward <wpward at us.ibm.com> wrote:
>
> > In testing some new function I've written, I've unsurfaced the problem
> that
> > the ML2 vlan type driver does not enforce the vlan range specified in the
> > network_vlan_ranges option in ml2_conf.ini file.  It is properly
> enforcing
> > the physical network name, and even checking to be sure the
> segmentation_id
> > is valid in the sense that it's not outside the range of ALL valid vlan
> ids.
> >  But it does not actually enforce that segmentation_id is within the vlan
> > range specified for the given physical network in network_vlan_ranges.
> >
> > The fix I propose is simple.  Add the following check to
> > /neutron/plugins/ml2/drivers/type_vlan.py
> > (TypeVlanDriver.validate_provider_segment()):
> >
> >         range_min, range_max =
> self.network_vlan_ranges[physical_network][0]
> >         if segmentation_id not in range(range_min, range_max):
> >             msg = (_("segmentation_id out of range (%(min)s through "
> >                      "%(max)s)") %
> >                    {'min': range_min,
> >                     'max': range_max})
> >             raise exc.InvalidInput(error_message=msg)
> >
> > This would go near line 182 in
> >
> https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/type_vlan.py
> .
> >
> > One question I have is whether self.network_vlan_ranges[physical_network]
> > could actually be an empty list rather than a tuple representing the vlan
> > range.  I believe that should always exist, but the documentation is not
> > clear on this.  For reference, the corresponding line in ml2_conf.ini is
> this:
> >
> > [ml2_type_vlan]
> > network_vlan_ranges = default:1:4093
> >
> > Thanks in advance to any that choose to provide some insight here!
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140120/7356f765/attachment.html>

More information about the OpenStack-dev mailing list