[openstack-dev] [neutron] Does neutron support QinQ(vlan transparent) ?
Frank Wang
wangpeihuixyz at 126.com
Wed Aug 8 08:51:21 UTC 2018
Awesome! Thanks, I'll take some time to review this patch. we can discuss it deeper during the review
At 2018-08-08 14:59:21, "Bence Romsics" <bence.romsics at gmail.com> wrote:
>Hi,
>
>Just about a week ago Li Zhouzhou pushed a change for review to
>support vlan transparency with ovs too (building on the relatively new
>QinQ support in ovs):
>
>https://review.openstack.org/576687
>
>I did not get time to look into the patch deeper yet, but I guess
>reviews are always welcome. I also cc-ed this mail so he/she can chime
>in.
>
>Cheers,
>Bence Romsics
>On Tue, Aug 7, 2018 at 1:32 PM Sean Mooney <work at seanmooney.info> wrote:
>>
>> TL;DR
>> it wont work with the ovs agent but "should" work with linux bridge.
>> see full message below for details.
>> regards
>> sean.
>>
>> the linux bridge agent supports the vlan_transparent option only when
>> createing networks with an l3 segmentation type e.g. vxlan,gre...
>>
>> ovs using the neutron l2 agnet does not supprot vlan_transparent
>> netwroks because of how that agent use vlans for tenant isolation on
>> the br-int.
>>
>> it is possible to use achive vlan transparancy with ovs usign an sdn
>> controller such as odl or ovn but that was not what you asked in your
>> question so i wont expand on that futher.
>>
>> if you deploy openstack with linux bridge networking and then create a
>> tenant network of type vxlan with vlan_transparancy set to true and
>> your tenants
>> generate QinQ traffic with an mtu reduced so that it will fix within
>> the vxlan tunnel unfragmented then yes it should be possibly however
>> you may need to disable port_security/security groups on the port as
>> im not sure if the ip tables firewall driver will correctly handel
>> this case.
>>
>> an alternive to disabling security groups would be to add an explicit
>> rule that matched on the etehrnet type and allowed QinQ traffic on
>> ingress and egress from the vm.
>>
>> as far as i am aware this is not tested in the gate so while it should
>> work the lack of documentation and test coverage means you will
>> likely be one of the first to test it if you
>> choose to do so and it may fail for many reasons.
>>
>>
>> On 7 August 2018 at 09:15, Frank Wang <wangpeihuixyz at 126.com> wrote:
>> > Hello folks,
>> >
>> > I noted that the API already has the vlan_transparent attribute in the
>> > network, Do neutron-agents(linux-bridge, openvswitch) support QinQ? I
>> > didn't find any reference materials that could guide me on how to use or
>> > configure it.
>> >
>> > Thank for your time reading this, Any comments would be appreciated.
>> >
>> >
>> >
>> >
>> >
>> > __________________________________________________________________________
>> > OpenStack Development Mailing List (not for usage questions)
>> > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>> >
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>__________________________________________________________________________
>OpenStack Development Mailing List (not for usage questions)
>Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180808/fc6fce04/attachment.html>
More information about the OpenStack-dev
mailing list