[openstack-dev] Why need br-int and br-tun in openstack neutron

Mike Kolesnik mkolesni at redhat.com
Mon May 25 06:55:15 UTC 2015 

----- Original Message -----
> Comments in-line.
> 
> ----- Original Message -----
> > On 23 May 2015 at 04:43, Assaf Muller < amuller at redhat.com > wrote:
> > 
> > 
> > 
> > There's no real reason as far as I'm aware, just an implementation
> > decision.
> > 
> > This is inaccurate. There is a reason(s), and this has been asked before:
> > 
> > http://lists.openstack.org/pipermail/openstack/2014-March/005950.html
> 
> This link is to a thread asking why do we connect a Linux bridge between a
> tap
> device and br-int (For security groups).
> 
> > http://lists.openstack.org/pipermail/openstack/2014-April/006865.html
> 
> This link is to this thread itself.

No it's from another author but just the same text (almost exactly).
i.e. https://www.diffchecker.com/xl98zm9a

Either it's the same poster or some freak coincidence, or just some copy paste..

Also Vivek gave the correct answer on that thread:
http://lists.openstack.org/pipermail/openstack/2014-April/006868.html

In a nutshell, decoupling the overlay layer from the VM connectivity.
VMs are always connected to the br-int the same way, but the overlay
(vxlan/gre or vlans) is connected differently.

> 
> > 
> > In a nutshell, the design decision that led to the existing architecture is
> > due to the way OVS handles packets and interact with netfilter.
> 
> I think you're talking about the bridge between a tap device and br-int and
> not about br-tun.
> 
> > 
> > The fact that we keep asking the same question clearly shows lack of
> > documentation, both developer and user facing.
> > 
> > I'll get this fixed once and for all.
> 
> Thank you.
> 
> > 
> > Thanks,
> > Armando
> > 
> > 
> > 
> > 
> > 
> > 
> > On 21 במאי 2015, at 01:48, Na Zhu < nazhu at cn.ibm.com > wrote:
> > 
> > 
> > 
> > 
> > 
> > 
> > Dear,
> > 
> > 
> > When OVS plugin is used with GRE option in Neutron, I see that each compute
> > node has br-tun and br-int bridges created.
> > 
> > I'm trying to understand why we need the additional br-tun bridge here.
> > Can't we create tunneling ports in br-int bridge, and have br-int relay
> > traffic between VM ports and tunneling ports directly? Why do we have to
> > introduce another br-tun bridge?
> > 
> > 
> > Regards,
> > Juno Zhu
> > Staff Software Engineer, System Networking
> > China Systems and Technology Lab (CSTL), IBM Wuxi
> > Email: nazhu at cn.ibm.com
> > 
> > 
> > 
> > __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe: OpenStack-dev-request at lists.openstack.org ?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> > 
> > __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> > 
> > 
> > 
> > __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> > 
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

More information about the OpenStack-dev mailing list