[openstack-dev] [neutron][tricircle]DVR issue in cross Neutron networking

joehuang joehuang at huawei.com
Mon Dec 5 08:03:09 UTC 2016


Hello,

 Tricircle plans to provide L2 network across Neutron to ease supporting high
 availability of application:

 For example, in the following figure, the application is consisted of
 instance1 and instance2, these two instances will be deployed into two
 OpenStack. Intance1 will provide service through "ext net1"(i.e, external
 network in OpenStack1), and Instance2 will provide service through
 "ext net2". Instance1 and Instance2 will be plugged into same L2 network
 net3 for data replication( for example database replication ).

  +-----------------+       +-----------------+
  |OpenStack1       |       |OpenStack2       |
  |                 |       |                 |
  | ext net1        |       | ext net2        |
  |   +-----+-----+ |       |   +-----+-----+ |
  |         |       |       |         |       |
  |         |       |       |         |       |
  |      +--+--+    |       |      +--+--+    |
  |      |     |    |       |      |     |    |
  |      | R1  |    |       |      | R2  |    |
  |      |     |    |       |      |     |    |
  |      +--+--+    |       |      +--+--+    |
  |         |       |       |         |       |
  |         |       |       |         |       |
  |     +---+-+-+   |       |     +---+-+-+   |
  |     net1  |     |       |     net2  |     |
  |           |     |       |           |     |
  |  +--------+--+  |       |  +--------+--+  |
  |  | Instance1 |  |       |  | Instance2 |  |
  |  +-----------+  |       |  +-----------+  |
  |         |       |       |         |       |
  |         |       | net3  |         |       |
  |  +------+-------------------------+----+  |
  |                 |       |                 |
  +-----------------+       +-----------------+

 When we deploy the application in such a way, no matter which part of the
 application stops providing service, the other part can still provide
 service, and take the workload from the failure one. It'll bring the failure
 tolerance no matter the failure is due to OpenStack crush or upgrade, or
 part of the application crush or upgrade.

 This mode can work very well and helpful, and router R1 R2 can run in DVR
 or legacy mode.

 While during the discussion and review of the spec:
 https://review.openstack.org/#/c/396564/, in this deployment, the end user
 has to add two NICs for each instance, one for the net3(a L2 network across
 OpenStack). And the net3 (a L2 network across OpenStack) can not be allowed
 to add_router_interface to router R1 R2, this is not good in networking.

 If the end user wants to do so, there is DVR MAC issues if more than one L2
 network across OpenStack are performed add_router_interface to router R1 R2.

 Let's look at the following deployment scenario:
 +-----------------+       +-------------------+
 |OpenStack1       |       |OpenStack2         |
 |                 |       |                   |
 | ext net1        |       | ext net2          |
 |   +-----+-----+ |       |   +-----+-----+   |
 |         |       |       |         |         |
 |         |       |       |         |         |
 | +-------+--+    |       |      +--+-------+ |
 | |          |    |       |      |          | |
 | |    R1    |    |       |      |   R2     | |
 | |          |    |       |      |          | |
 | ++------+--+    |       |      +--+-----+-+ |
 |  |      |       |       |         |     |   |
 |  |      |       | net3  |         |     |   |
 |  |   -+-+-------------------+-----+--+  |   |
 |  |    |         |       |   |           |   |
 |  | +--+-------+ |       | +-+---------+ |   |
 |  | | Instance1| |       | | Instance2 | |   |
 |  | +----------+ |       | +-----------+ |   |
 |  |              | net4  |               |   |
 | ++-------+--------------------------+---+-+ |
 |          |      |       |           |       |
 |  +-------+---+  |       |  +--------+---+   |
 |  | Instance3 |  |       |  | Instance4  |   |
 |  +-----------+  |       |  +------------+   |
 |                 |       |                   |
 +-----------------+       +-------------------+

 net3 and net4 are two L2 network across OpenStacks. These two networks will
 be added router interface to R1 R2. Tricircle can help this, and addressed
 the DHCP and gateway challenges: different gateway port for the same network
 in different OpenStack, so there is no problem for north-south traffic, the
 north-south traffic will goes to local external network directly, for example,
 Instance1->R1->ext net1, instance2->R2->ext net2.

 The issue is in east-west traffic if R1 R2 are running in DVR mode:
 when instance1 tries to ping instance4, DVR MAC replacement will happen before
 the packet leaves the host where the instance1 is running, when the packet
 arrives at the host where the instance4 is running, because DVR MAC replacement,
 the source mac(DVR MAC from OpenStack1) of the packet could not be recognized
 in OpenStack2, thus the packet will be dropped, and the ping fails.

 The latter one deployment bring more flexibility in networking capability,
 and don't have to prevent the L2 network across OpenStack from
 add_router_interface to DVR mode routers, otherwise, only legacy router can be
 supported for L2 network across OpenStack.

 Any thought on how to address this issue to make DVR and L2 network across
 OpenStack be able to co-work together?

 And also welcome to review the patch for different networking
 scenarios:
 Layer-3 networking and combined bridge network spec
 ( https://review.openstack.org/#/c/396564/)

Best Regards
Chaoyi Huang(joehuang)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161205/85a8eaa7/attachment.html>


More information about the OpenStack-dev mailing list