[neutron] Can br-ex and br-tun use the same interface?

Slawek Kaplonski skaplons at redhat.com
Tue Feb 18 12:55:29 UTC 2020


> On 18 Feb 2020, at 13:30, Sean Mooney <smooney at redhat.com> wrote:
> On Tue, 2020-02-18 at 20:03 +0800, Zhengyu Pan wrote:
>> Hi,
>> Thank you. Do i  only need to add a patch port  that connects br-ex with br-tun? And create a port that binds tunnel
>> ip  in br-ex?
> no the br-ex should be connect to the br-int by a patch port already and the br-tun will be connected to the br-int
> via a patch port already so br-tun and br-ex are connected indirectly so the optimisation will work.
> if you do not have a patch port between br-ex and br-int then yes you shoudl create one.

Patch ports between br-int and all external bridges defined in bridge_mappings are created automatically by neutron-ovs-agent: https://github.com/openstack/neutron/blob/8ba44d672059e2dbea6a0516e5832cec40800a77/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L1420

> you want to avoid a loop between the bridge so you dont want all bridge to be connected directly.
> they should all connect to br-int but not to each other.
> regarding the ip i alwasy just configruied it on the br-ex local bridge port
> so "ifconfig br-ex up" or whatever you ip is.
> you can obviously do that with network manager or systemd network script too.
> just ensure whatever ip is set as the neutron local tunnel ip is assigned to the br-ex and
> your tunnel traffic will use that interface as long as the routing table identifs it as the correct
> interface.
> if you have two interface in the same subnet or your vxlan tunnel ips are on multiple subnets and are routed
> you need to make sure the metric/route pirortiy for the br-ex will be set correctly so that it is selected instead of
> other options.
> normally you wont have to do anything as your tunnel endpoint ips will come form a singel subnet and you wont have other
> interfaces in the same range i just mention that above incase you have a non standard deployment. 
>> --
>> Thanks.
>> Zhengyu
>> At 2020-02-18 18:39:25, "Sean Mooney" <smooney at redhat.com> wrote:
>>> On Tue, 2020-02-18 at 19:12 +0800, Zhengyu Pan wrote:
>>>> hi,
>>>>    I have only two physical  interfaces. In my deploying, network node and compute node are the same. 
>>>> Can Bridge br-tun and br-ex use the same interface when using vxlan network type ? management network use the
>>>> other
>>>> interface?
>>> yes they can. the way this works wehn ovs encapsulates teh packet the vxlan tunnel endpoint ip is used to lookup
>>> what
>>> interface to transmit the packet on. so to use the same interface for both tunnels and provider networks you need
>>> to assign the tunnel endpoint ip to br-ex. ovs has a special operation at the dataplane level call out_port which is
>>> different form output. if ovs detects that the the source ip adress of the vxlan tunnel is assocaited with a bridge,
>>> in this case  br-ex and if that bridge is connect to the bridge with the tunnel port directly or indirectly via
>>> patch
>>> ports i it will use the out_port action to skip sending the packet via the kernel networking stack.
>>> so if you use use an interface that is attached to an ovs bridge it will actully imporve performance in general.
>>> that said adding the tunnel endpoint ip to the br-tun and adding an interface to br-tun used to crash ovs. i dont
>>> know
>>> if that was ever fixed but i would recommend not trying and just adding the tunnel enpoint ip to br-ex.
>>> not that this is the recommended way to deploy ovs-dpdk as if you dont add the tunnel endpoint ip to br-ex all
>>> packets
>>> that use vxlan will be sent via the kernel which will significantly reduce performance.
>>> im not sure if this works with hardwar offloaded ovs but i would consider it a bug if it did not.

Slawek Kaplonski
Senior software engineer
Red Hat

More information about the openstack-discuss mailing list