[openstack-dev] [neutron] Does neutron support QinQ(vlan transparent) ?

Sean Mooney work at seanmooney.info
Tue Aug 7 11:32:44 UTC 2018 

TL;DR
it wont work with the ovs agent but "should" work with linux bridge.
see full message below for details.
regards
sean.

the linux bridge agent supports the  vlan_transparent option only when
createing networks with an l3 segmentation type e.g. vxlan,gre...

ovs using the neutron l2 agnet does not supprot vlan_transparent
netwroks because of how that agent use vlans for tenant isolation on
the br-int.

it is possible to use achive vlan transparancy with ovs usign an sdn
controller such as odl or ovn but that was not what you asked in your
question so i wont expand on that futher.

if you deploy openstack with linux bridge networking and then create a
tenant network of type vxlan with vlan_transparancy set to true and
your tenants
generate QinQ traffic with an mtu reduced so that it will fix within
the vxlan tunnel unfragmented then yes it should be possibly however
you may need to disable port_security/security groups on the port as
im not sure if the ip tables firewall driver will correctly handel
this case.

an alternive to disabling security groups would be to add an explicit
rule that matched on the etehrnet type and allowed QinQ traffic on
ingress and egress from the vm.

as far as i am aware this is not tested in the gate so while it should
work  the lack of documentation and test coverage means you will
likely be one of the first to test it if you
choose to do so and it may fail for many reasons.


On 7 August 2018 at 09:15, Frank Wang <wangpeihuixyz at 126.com> wrote:
> Hello folks,
>
> I noted that the API already has the vlan_transparent attribute in the
> network, Do neutron-agents(linux-bridge, openvswitch) support QinQ?  I
> didn't find any reference materials that could guide me on how to use or
> configure it.
>
> Thank for your time reading this, Any comments would be appreciated.
>
>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

More information about the OpenStack-dev mailing list