[neutron] Next step for BGP routed networks over segmented provider infrastructure segments

Thomas Goirand zigo at debian.org
Wed Jan 6 20:32:43 UTC 2021 

Hi Ryan, and all of the Neutron team,

Today, I'm happy to let you know that I've been able to finish the patch
and that it's merged:

https://review.opendev.org/c/openstack/neutron/+/669395

I also managed to add some docs to Neutron about it:

https://docs.openstack.org/neutron/latest/admin/config-bgp-floating-ip-over-l2-segmented-network.html

We've used it in a pre-production environment, and it just works as
expected, it's kind of great.

However, there's some feature gaps that would need to be addressed. Namely:
- external-gateway of routers aren't advertized
- we can't do direct attach of public IPs to VMs
- I failed adding IPv6 dual stack to this setup

Let me go into more details for each of these 3 points.

1/ No BGP advertizing for the router default gateways

When doing:

openstack router set --external-gateway <provider-net> <router>

we then get this type of port:

# openstack port show <UUID> -c binding_vif_details -c binding_vif_type
+---------------------+-------------------------------------------------------------------------------------------------------------+
| Field               | Value
                                                           |
+---------------------+-------------------------------------------------------------------------------------------------------------+
| binding_vif_details | bridge_name='br-int', connectivity='l2',
datapath_type='system', ovs_hybrid_plug='True', port_filter='True' |
| binding_vif_type    | ovs
                                                           |
+---------------------+-------------------------------------------------------------------------------------------------------------+

which doesn't match the type of port we have for floating IPs:

# openstack port show <UUID> -c binding_vif_details -c binding_vif_type
+---------------------+---------+
| Field               | Value   |
+---------------------+---------+
| binding_vif_details |         |
| binding_vif_type    | unbound |
+---------------------+---------+

and then, the next HOP for the router gateway isn't advertized over BGP.

Do you know how we could get neutron-dynamic-routing to do that
advertizing, with the next HOP on the network node(s)? Where should that
code be patch? Inside Neutron, or in neutron-dynamic-routing? Is this
really related to the port type as I've showed above?

2/ No direct attach to VM ports

We can't attach a port with an IP network:routed directly to a VM. I
tried to add the subnet type "compute:nova" to the floating IP subnet,
but that didn't do it: Neutron refuses to attach the port to a VM.

Do you know why? How and what and where should we patch Neutron to fix this?

3/ IPv6 dual stack

I tried to setup a dual-stack network, and failed. How should this be
done? Should we add v6 subnets to segments and one subnet with the type
--service-type 'network:router_gateway' as well? This is what I tried
but it didn't work for me. Should tenants create their own v6 subnet out
of the v6 subnet pool I provisioned as admin?

Cheers,

Thomas Goirand (zigo)

P.S: Please keep my Infomaniak colleagues as Cc.

More information about the openstack-discuss mailing list