[openstack-dev] Mitaka, Xenial, OVS Firewall Driver, DPDK, VXLAN and Provider Networks

Kevin Benton kevin at benton.pub
Mon Feb 29 05:30:04 UTC 2016


We aren't too far off from being able to support this now. The agent-based
ML2 drivers already bind based on a combination of VNIC type and the host
so multiple agents with different types can run on the same host.

I think the only part that is missing is each driver being able to inform
Nova which bridge to plug into.
On Feb 28, 2016 7:48 PM, "Assaf Muller" <amuller at redhat.com> wrote:

> On Sat, Feb 27, 2016 at 6:55 PM, Martinx - ジェームズ
> <thiagocmartinsc at gmail.com> wrote:
> > Hey guys!
> >
> >  Next Ubuntu and Mitaka are promising something ultra mega cool!
> >
> >  Look at this!
> >
> > ---
> > root at mitaka-1:~# apt install neutron-openvswitch-agent
> > Reading package lists... Done
> > Building dependency tree
> > Reading state information... Done
> > The following additional packages will be installed:
> >   dpdk libdpdk0 openvswitch-common openvswitch-switch
> > ---
> >
> >  Xenial will brings DPDK-2.2 fully supported for 5 years!
> >
> >  However, I am curious about the following scenarios:
> >
> >  Will be possible to use, at the same time (same Network and Compute
> nodes /
> > Host Aggregate):
> >
> >  1- Regular OVS bridges without DPDK for VXLAN Networks, with
> > OVS-Firewall-Driver and;
> >
> >  2- OVS powered by DPDK for Provider Networks only ( without any
> firewall,
> > current case anyway, due to
> > https://bugs.launchpad.net/neutron/+bug/1531205).
>
> Currently, a host may run a single OVS agent, configured for either
> regular OVS or OVS-DPDK. You cannot run both on a single host. You can
> mix and match between different hosts though. It is something we
> discussed a bit, but no concrete plans to change this at this time.
>
> We could support this by allowing an OVS agent to support two
> datapaths simultaneously by configuring two integration bridges, each
> with its own type. We would add a DPDK VNIC type so Nova would plug
> the VNIC to the correct bridge. Each integration bridge would have its
> own bridge mappings (The kernel datapath integration bridge would be
> connected to br-tun or to a VLAN bridge, and the DPDK datapath
> integration bridge would be connected to its own set of VLAN provider
> bridges. Another way to accomplish this use case is to start two OVS
> agents on the same host, each configured appropriately, but we'd need
> to make changes to ML2 to support this, perhaps differentiate between
> the two agents via an agent_type and bind ports appropriately. Again,
> we'd need a new VNIC type for DPDK ports.
>
> >
> > ?
> >
> >  I have NFV Instances that are also, DPDK L2 Bridges running on KVM
> Guest /
> > VirtIO, that are physically wired using Provider Networks (flat and
> vlans).
> >
> >  So, for the Instance's vNICs (eth1 and eth2) that are used as a L2
> bridge,
> > I don't want any kind of ovs-firewall (I'm not affected by LP #1531205 on
> > this case) and I want OVS+DPDK under it but, for SSH into the Instance to
> > manage it (via its eth0), it is still using regular VXLAN with Security
> > Groups - OVS-Firewall from now on (no need for DPDK under eth0 / VXLAN).
> >
> >  I'm curious about this specially because the OVS Ubuntu package, makes
> use
> > of Debian's Alternatives subsystem, and we need to choose one OVS
> (default),
> > or another (with DPDK), via "update-alternatives", so, will be possible
> to
> > select OVS with DPDK but, use regular bridges with it as well (for VXLAN
> > networks)?
> >
> >  If yes, how to create a VXLAN network with regular OVS and another
> > FLAT/VLAN network with OVS+DPDK ?
> >
> >  Thanks in advance!
> >
> > Best,
> > Thiago
> >
> >
> __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160228/08a15de4/attachment.html>


More information about the OpenStack-dev mailing list