Open Stack

Hi,

Just about a week ago Li Zhouzhou pushed a change for review to
support vlan transparency with ovs too (building on the relatively new
QinQ support in ovs):

https://review.openstack.org/576687

I did not get time to look into the patch deeper yet, but I guess
reviews are always welcome. I also cc-ed this mail so he/she can chime
in.

Cheers,
Bence Romsics
On Tue, Aug 7, 2018 at 1:32 PM Sean Mooney <work at seanmooney.info> wrote:
>
> TL;DR
> it wont work with the ovs agent but "should" work with linux bridge.
> see full message below for details.
> regards
> sean.
>
> the linux bridge agent supports the  vlan_transparent option only when
> createing networks with an l3 segmentation type e.g. vxlan,gre...
>
> ovs using the neutron l2 agnet does not supprot vlan_transparent
> netwroks because of how that agent use vlans for tenant isolation on
> the br-int.
>
> it is possible to use achive vlan transparancy with ovs usign an sdn
> controller such as odl or ovn but that was not what you asked in your
> question so i wont expand on that futher.
>
> if you deploy openstack with linux bridge networking and then create a
> tenant network of type vxlan with vlan_transparancy set to true and
> your tenants
> generate QinQ traffic with an mtu reduced so that it will fix within
> the vxlan tunnel unfragmented then yes it should be possibly however
> you may need to disable port_security/security groups on the port as
> im not sure if the ip tables firewall driver will correctly handel
> this case.
>
> an alternive to disabling security groups would be to add an explicit
> rule that matched on the etehrnet type and allowed QinQ traffic on
> ingress and egress from the vm.
>
> as far as i am aware this is not tested in the gate so while it should
> work  the lack of documentation and test coverage means you will
> likely be one of the first to test it if you
> choose to do so and it may fail for many reasons.
>
>
> On 7 August 2018 at 09:15, Frank Wang <wangpeihuixyz at 126.com> wrote:
> > Hello folks,
> >
> > I noted that the API already has the vlan_transparent attribute in the
> > network, Do neutron-agents(linux-bridge, openvswitch) support QinQ?  I
> > didn't find any reference materials that could guide me on how to use or
> > configure it.
> >
> > Thank for your time reading this, Any comments would be appreciated.
> >
> >
> >
> >
> >
> > __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev