[openstack-dev] [neutron + ovn] Does neutron ovn plugin support to setup multiple neutron networks for one container?

WANG, Ming Hao (Tony T) tony.a.wang at alcatel-lucent.com
Thu Sep 24 14:37:31 UTC 2015


Russell,

Thanks for your detailed explanation and kind help!
I now understand how a container in a VM can acquire network interfaces in different neutron networks.
For the connections between compute nodes, I think I need to study the Geneve protocol and VTEP first.
If I have any further questions, I may need to continue consulting you. :-)

Thanks for your help again, 
Tony

-----Original Message-----
From: Russell Bryant [mailto:rbryant at redhat.com] 
Sent: Wednesday, September 23, 2015 10:22 PM
To: OpenStack Development Mailing List (not for usage questions); WANG, Ming Hao (Tony T)
Subject: Re: [openstack-dev] [neutron + ovn] Does neutron ovn plugin support to setup multiple neutron networks for one container?

I'll reply to each of your 3 messages here:

On 09/23/2015 05:57 AM, WANG, Ming Hao (Tony T) wrote:
> Hi Russell,
> 
> I just realized the OVN plugin is a plugin independent of the OVS plugin.

Yes, it's a plugin developed in the "networking-ovn" project.

http://git.openstack.org/cgit/openstack/networking-ovn/

> In this case, how do we handle the provider network connections between compute nodes? Is it handled by OVN actually?

I'm going to start by explaining the status of OVN itself, and then I'll come back and address the Neutron integration:

 -- OVN --

OVN implements logical networks as overlays using the Geneve protocol.
Connecting from logical to physical networks is done in one of two ways.

The first is using VTEP gateways.  This could be hardware or software gateways that implement the hardware_vtep schema.  This is typically a TOR switch that supports the vtep schema, but I believe someone is going to build a software version based on ovs and dpdk.  OVN includes a daemon called "ovn-controller-vtep" that is run for each vtep gateway to manage connectivity between OVN networks and the gateway.  It could run on the switch itself, or some other management host.  The last set of patches to get this working initially were merged just 8 days ago.

The ovn-architecture document describes "Life Cycle of a VTEP gateway":


https://github.com/openvswitch/ovs/blob/master/ovn/ovn-architecture.7.xml#L820

or you can find a temporary copy of a rendered version here:

  http://www.russellbryant.net/ovs-docs/ovn-architecture.7.pdf

The second is what Neutron refers to as "provider networks".  OVN does support this, as well.  It was merged just a couple weeks ago.  The commit message for OVN "localnet" ports goes into quite a bit of detail about how this works in OVN:


https://github.com/openvswitch/ovs/commit/c02819293d52f7ea7b714242d871b2b01f57f905

 -- Neutron --

Both of these things are freshly implemented in OVN so the Neutron integration is a WIP.

For vtep gateways, there's not an established API.  networking-l2gw is the closest thing, but I've got some concerns with both the API and implementation.  As a first baby step, we're just going to provide a hack that lets an admin create a connection between a network and gateway using a neutron port with a special binding:profile.  We'll also be continuing to look at providing a proper API.

For provider networks, working with them in Neutron will be no different than it is today with the current OVS support.  I just have to finish the Neutron plugin integration, which I just started on yesterday.

> 
> Thanks,
> Tony
> 
> -----Original Message-----
> From: WANG, Ming Hao (Tony T)
> Sent: Wednesday, September 23, 2015 1:58 PM
> To: WANG, Ming Hao (Tony T); 'OpenStack Development Mailing List (not for usage questions)'
> Subject: RE: [openstack-dev] [neutron + ovn] Does neutron ovn plugin support to setup multiple neutron networks for one container?
> 
> Hi Russell,
> 
> Is there any material to explain how the OVN parent port works?

Note that while this uses a binding:profile hack for now, we're going to update the plugin to support the vlan-aware-vms API for this use case once that is completed.

http://docs.openstack.org/developer/networking-ovn/containers.html

http://specs.openstack.org/openstack/neutron-specs/specs/liberty/vlan-aware-vms.html

https://github.com/openvswitch/ovs/blob/master/ovn/CONTAINERS.OpenStack.md

https://github.com/shettyg/ovn-docker

> Thanks,
> Tony
> 
> -----Original Message-----
> From: WANG, Ming Hao (Tony T)
> Sent: Wednesday, September 23, 2015 10:02 AM
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: RE: [openstack-dev] [neutron] Does neutron ovn plugin support to setup multiple neutron networks for one container?
> 
> Russell,
> 
> Thanks for your info.
> If I want to assign multiple interfaces to a container on different 
> neutron networks (for example, netA and netB), is it mandatory to let
> the VM hosting containers have network interfaces in netA and netB, 
> and ovn will help to direct the container traffic to its corresponding 
> VM network interfaces?
> 
> From https://github.com/openvswitch/ovs/blob/master/ovn/CONTAINERS.OpenStack.md :
> "This VLAN tag is stripped out in the hypervisor by OVN."
> I suppose when the traffic goes out of the VM, the VLAN tag has already been stripped out.
> When the traffic arrives at ovs on the physical host, it will be tagged with the neutron local vlan. Is it right?

Hopefully the links provided in response to the above mail help explain it.  In short, the VM only needs one network interface and all traffic for all containers goes over that network interface.  To put each container on different Neutron networks, the hypervisor needs to be able to differentiate the traffic from each container even though it's all going over the same network interface to/from the VM.  That's where VLAN ids are used.  It's used as a simple way to tag traffic as it goes over the VM's network interface.  As it arrives in the VM, the tag is stripped and traffic sent to the right container.  As it leaves the VM, the tag is stripped and then forwarded to the proper Neutron network (which could itself be a VLAN network, but the tags are not related, and the traffic would be re-tagged at that point).

Does that make sense?

> Thanks in advance,
> Tony
> 
> -----Original Message-----
> From: Russell Bryant [mailto:rbryant at redhat.com]
> Sent: Wednesday, September 23, 2015 12:46 AM
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: Re: [openstack-dev] [neutron] Does neutron ovn plugin support to setup multiple neutron networks for one container?
> 
> On 09/22/2015 08:08 AM, WANG, Ming Hao (Tony T) wrote:
>> Dear all,
>>
>> Regarding the neutron ovn plugin's support for containers in one VM, my understanding is that one container can't be assigned two network interfaces in different neutron networks. Is it right?
>> The reason:
>> 1. One host VM only has one network interface.
>> 2. All the VLAN tags are stripped out when the packet goes out of the VM.
>>
>> If it is true, does the neutron ovn plugin or ovn have a plan to support this?
> 
> You should be able to assign multiple interfaces to a container on different networks.  The traffic for each interface will be tagged with a unique VLAN ID on its way in and out of the VM, the same way it is done for each container with a single interface.
> 
> --
> Russell Bryant
> 
> ______________________________________________________________________
> ____ OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: 
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 


--
Russell Bryant
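
The VLAN-based demultiplexing described in this thread, as an added example that is not part of the original messages and not OVN's own code: a simplified Python model of how a hypervisor can map (VM port, VLAN ID) pairs to container ports on different Neutron networks and strip or add the 802.1Q tag. The port names, VLAN IDs, binding table and sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed bindings: (parent VM port, VLAN ID) -> (container port, Neutron network).
# All names are hypothetical; in a real deployment they come from the port bindings.
BINDINGS = {
    ("vm1-port", 42): ("c1-eth0", "netA"),
    ("vm1-port", 43): ("c1-eth1", "netB"),
}

def add_tag(frame, vlan_id):
    """Insert an 802.1Q tag (PCP/DEI = 0) after the two MAC addresses."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan_id) + frame[12:]

def strip_tag(frame):
    """Return (vlan_id, untagged_frame); vlan_id is None for untagged frames."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, frame[:12] + frame[16:]

def from_vm(parent_port, frame):
    """Hypervisor side: map a frame leaving the VM to (container port, network, frame)."""
    vlan_id, untagged = strip_tag(frame)
    binding = BINDINGS.get((parent_port, vlan_id))
    if binding is None:
        return None  # untagged or unknown tag: not bound to any container port
    return binding + (untagged,)

def to_vm(container_port, frame):
    """Hypervisor side: tag a frame for a container port and pick the VM port."""
    for (parent_port, vlan_id), (port, _net) in BINDINGS.items():
        if port == container_port:
            return parent_port, add_tag(frame, vlan_id)
    return None

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800, dummy payload.
SAMPLE = bytes.fromhex("fa163e000002" "fa163e000001" "0800") + b"payload"
```

In this model a frame carrying a tag with no binding is not delivered anywhere, so a container can only reach the networks on which it has a port.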


