[openstack-dev] Mitaka, Xenial, OVS Firewall Driver, DPDK, VXLAN and Provider Networks
amuller at redhat.com
Mon Feb 29 03:41:47 UTC 2016
On Sat, Feb 27, 2016 at 6:55 PM, Martinx - ジェームズ
<thiagocmartinsc at gmail.com> wrote:
> Hey guys!
> Next Ubuntu and Mitaka are promising something ultra mega cool!
> Look at this!
> root at mitaka-1:~# apt install neutron-openvswitch-agent
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> The following additional packages will be installed:
> dpdk libdpdk0 openvswitch-common openvswitch-switch
> Xenial will brings DPDK-2.2 fully supported for 5 years!
> However, I am curious about the following scenarios:
> Will be possible to use, at the same time (same Network and Compute nodes /
> Host Aggregate):
> 1- Regular OVS bridges without DPDK for VXLAN Networks, with
> OVS-Firewall-Driver and;
> 2- OVS powered by DPDK for Provider Networks only ( without any firewall,
> current case anyway, due to
Currently, a host may run a single OVS agent, configured for either
regular OVS or OVS-DPDK. You cannot run both on a single host. You can
mix and match between different hosts though. It is something we
discussed a bit, but no concrete plans to change this at this time.
We could support this by allowing an OVS agent to support two
datapaths simultaneously by configuring two integration bridges, each
with its own type. We would add a DPDK VNIC type so Nova would plug
the VNIC to the correct bridge. Each integration bridge would have its
own bridge mappings (The kernel datapath integration bridge would be
connected to br-tun or to a VLAN bridge, and the DPDK datapath
integration bridge would be connected to its own set of VLAN provider
bridges. Another way to accomplish this use case is to start two OVS
agents on the same host, each configured appropriately, but we'd need
to make changes to ML2 to support this, perhaps differentiate between
the two agents via an agent_type and bind ports appropriately. Again,
we'd need a new VNIC type for DPDK ports.
> I have NFV Instances that are also, DPDK L2 Bridges running on KVM Guest /
> VirtIO, that are physically wired using Provider Networks (flat and vlans).
> So, for the Instance's vNICs (eth1 and eth2) that are used as a L2 bridge,
> I don't want any kind of ovs-firewall (I'm not affected by LP #1531205 on
> this case) and I want OVS+DPDK under it but, for SSH into the Instance to
> manage it (via its eth0), it is still using regular VXLAN with Security
> Groups - OVS-Firewall from now on (no need for DPDK under eth0 / VXLAN).
> I'm curious about this specially because the OVS Ubuntu package, makes use
> of Debian's Alternatives subsystem, and we need to choose one OVS (default),
> or another (with DPDK), via "update-alternatives", so, will be possible to
> select OVS with DPDK but, use regular bridges with it as well (for VXLAN
> If yes, how to create a VXLAN network with regular OVS and another
> FLAT/VLAN network with OVS+DPDK ?
> Thanks in advance!
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
More information about the OpenStack-dev