Open Stack

On Fri, Sep 30, 2022 at 6:20 PM Ihtisham ul Haq
<Ihtisham.ul_Haq at mail.schwarz> wrote:

> Hi Luis and Daniel,
>
> Please see inline response.
>
> > From: Daniel Alvarez Sanchez <dalvarez at redhat.com>
> > Sent: 29 September 2022 11:37
> > Subject: Re: OVN BGP Agent query
> >
> > Hi Ihtisham and Luis,
> >
> > On Thu, Sep 29, 2022 at 7:42 AM Luis Tomas Bolivar <ltomasbo at redhat.com>
> wrote:
> > > Some comments and questions inline
> > >
> > > On Tue, Sep 27, 2022 at 1:39 PM Ihtisham ul haq <
> ihtisham.uh at hotmail.com> wrote:
> > > > Hi Luis,
> > > >
> > > > Thanks for your work on the OVN BGP Agent. We are planning
> > > > to use it in our OVN deployment, but have a question regarding it.
> > >
> > > Great to hear! Can you share a bit more info about this environment?
> like
> > > openstack version, target workload, etc.
>
> We plan to use this with Yoga version. Our workload consist of enterprise
> users
> with VMs running on Openstack and connected to their enterprise network via
> transfer network(to which the customer neutron router is attached to).
> And we also have public workload but with the ovn-bgp we only want to
> we want to advertise the former.
>
> > >
> > > > The way our current setup with ML2/OVS works is that our customer VM
> IP routes
> > > > are announced via the router IP(of the that customer) to the leaf
> switch instead of
> > > > the IP of the host where the neutron BGP agent runs. And then even
> if the
> > > > router fails over, the IP of the router stays the same and thus the
> BGP route
> > > > doesn't need to be updated.
> > >
> > > Is this with Neutron Dynamic Routing? When you say Router IP, do you
> mean the virtual neutron router and its IP associated with the provider
> network? What type of IPs are you announcing with BGP? IPs on provider
> network or on tenant networks (or both)?
>
> Yes, that's with Neutron DR agent, and I meant virtual neutron router with
> IP from the provider network. We announce IPs of our tenant network via the
> virtual routers external address.
>
> > > If the router fails over, the route needs to be updated, doesn't it?
> Same IP, but exposed in the new location of the router?
>
> Correct.
>
> > The route to the tenant network doesn't change, ie.
> > 192.168.0.0 via 172.24.4.100  (this route remains the same regardless of
> where 172.24.4.100 is).
> > If there's L2 in the 172.24.4.0 network, the new location of
> 172.24.4.100 will be learnt via GARP announcement. In our case, this won't
> happen as we don't have L2 so we expose directly connected routes to
> overcome this "limitation".
>
> Right, in our case we have a stretched L2 transfer network(mentioned above)
> to which our gateway nodes and customer routers are connected to, so we can
> advertise the IPs from the tenant network via the virtual router external
> IP
> and thus the location of the router isn't relevant in case of failover as
> its
> address will be relearned.
>
> > In the case of Neutron Dynamic Routing, there's no assumption that
> everything is L3 so GARPs are needed to learn the new location.
> >
> > > > We see that the routes are announced by the ovn-bgp-agent via the
> host IP(GTW) in our
> > > > switch peers. If that's the case then how do you make sure that
> during failover
> > > > of a router, the BGP routes gets updated with the new host IP(where
> the router
> > > > failed over to)?
> > >
> > > The local FRR running at each node is in charge of exposing the IPs.
> For the IPs on the provider network, the traffic is directly exposed where
> the VMs are, without having to go through the virtual router, so a router
> failover won't change the route.
> > > In the case of VMs on tenant networks, the traffic is exposed on the
> node where the virtual router gateway port is associated (I suppose this is
> what you refer to with router IP). In the case of a failover the agent is
> in charge of making FRR to withdraw the exposed routes on the old node, and
> re-advertise them on the new router IP location
> > >
> > > > Can we accomplish the same route advertisement as our ML2/OVS setup,
> using the ovn-bgp-agent?
> >
> > I think this is technically possible, and perhaps you want to contribute
> that functionality or even help integrating the agent as a driver of
> Neutron Dynamic Routing?
>
> Sounds good, our plan currently is to add this to the ovn-bgp-agent,
> so we can announce our tenant routes via virtual routers external address
> on
> a stretched L2 network, to make it work with our use case.
>

Great to hear!!

Just to make it clear, the ovn-bgp-agent current solution is to expose the
tenant VM IPs through the host that has the OVN router gateway port, so for
example, if the VM IP (10.0.0.5) is connected to the neutron virtual
router, which in turns is connected to your provider network (your transfer
network) with IP 172.24.4.10, and hosted in a physical server with IP
192.168.100.100, the route will be exposed as:
- 10.0.0.5 nexthop 192.168.100.100
- 172.24.4.10 nexthop 192.168.100.100

As we are using FRR config "redistributed connected". As the traffic to the
tenant networks needs to be injected into the OVN overlay through the
gateway node hosting that ovn virtual router gateway port (cr-lrp), would
it be ok if, besides those route we also advertise?
- 10.0.0.5 nexthop 172.24.4.10

Cheers,
Luis







>
>
> --
> Ihtisham ul Haq
> Diese E Mail enthält möglicherweise vertrauliche Inhalte und ist nur für
> die Verwertung durch den vorgesehenen Empfänger bestimmt. Sollten Sie nicht
> der vorgesehene Empfänger sein, setzen Sie den Absender bitte unverzüglich
> in Kenntnis und löschen diese E Mail. Hinweise zum Datenschutz finden Sie
> hier<https://www.datenschutz.schwarz>.
>
>

-- 
LUIS TOMÁS BOLÍVAR
Principal Software Engineer
Red Hat
Madrid, Spain
ltomasbo at redhat.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20221003/19ee3722/attachment-0001.htm>