<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em ter., 27 de jun. de 2023 às 14:20, Gary Molenkamp <<a href="mailto:molenkam@uwo.ca">molenkam@uwo.ca</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<br>
<br>
<div>On 2023-06-27 11:18, Roberto Bartzen
Acosta wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi Gary,</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Em ter., 27 de jun. de 2023
às 11:47, Yatin Karel <<a href="mailto:ykarel@redhat.com" target="_blank">ykarel@redhat.com</a>>
escreveu:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div dir="ltr">
<div>Hi Gary,</div>
<div><br>
</div>
<div>On top what Rodolfo said<br>
</div>
</div>
On Tue, Jun 27, 2023 at 5:15 PM Gary Molenkamp <<a href="mailto:molenkam@uwo.ca" target="_blank">molenkam@uwo.ca</a>>
wrote:
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Good morning, I'm
having a problem with snat routing under OVN but I'm <br>
not sure if something is mis-configured or just my
understanding of how <br>
OVN is architected is wrong.<br>
<br>
I've built a Zed cloud, since upgraded to Antelope,
using the Neutron <br>
Manual install method here: <br>
<a href="https://docs.openstack.org/neutron/latest/install/ovn/manual_install.html" rel="noreferrer" target="_blank">https://docs.openstack.org/neutron/latest/install/ovn/manual_install.html</a><br>
I'm using a multi-tenent configuration using geneve
and the flat <br>
provider network is present on each hypervisor. Each
hypervisor is <br>
connected to the physical provider network, along with
the tenent <br>
network and is tagged as an external chassis under
OVN.<br>
br-int exists, as does br-provider<br>
ovs-vsctl set open . <br>
external-ids:ovn-cms-options=enable-chassis-as-gw<br>
</blockquote>
<div><br>
</div>
<div>Any specific reason to enable gateway on compute
nodes? Generally it's recommended to use
controller/network nodes as gateway. What's your
env(number of controllers, network, compute nodes)?<br>
</div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>Wouldn't it be interesting to enable-chassis-as-gw on the
compute nodes, just in case you want to use DVR: If that's
the case, you need to map the external bridge (<span style="background-color:rgb(244,245,247);color:rgb(23,43,77);font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap">ovs-vsctl set open . external-ids:ovn-bridge-mappings=...</span>)
via ansible this is created automatically, but in the manual
installation I didn't see any mention of it.</div>
</div>
</div>
</blockquote>
<br>
Our intention was to distribute the routing on our OVN cloud to take
advantage of DVR as our provider network is just a tagged vlan in
our physical infrastructure. This avoids requiring dedicated
network node(s) and fewer bottlenecks. I had not set up any <span style="background-color:rgb(244,245,247);color:rgb(23,43,77);font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap">ovn-bridge-mappings</span>
as it was not mentioned in the manual install. I will look into it.<br>
<br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_quote">
<div> </div>
<div>The problem is basically that the port of the OVN LRP may
not be in the same chassis as the VM that failed (since the
CR-LRP will be where the first VM of that network will be
created). The suggestion is to remove the
enable-chassis-as-gw from the compute nodes to allow the VM
to forward traffic via tunneling/Geneve to the chassis where
the LRP resides.<br>
</div>
<div><br>
</div>
</div>
</div>
</blockquote>
<br>
I forced a similar VM onto the same chassis as the working VM, and
it was able to communicate out. If we do want to keep multiple
chassis' as gateways, would that be addressed with the
ovn-bridge-mappings?<br></div></blockquote><div><br></div><div>Verify your ml2 config file:<br><br>cat /etc/neutron/plugins/ml2/ml2_conf.ini<br>[ml2_type_vlan]<br>network_vlan_ranges = vlan:101:200,vlan:301:400<br><br>Note the name used to map the vlan ranges: in this example = vlan.<br><br>On compute nodes, check if exists or create the external bridge (usually called br-provider):<br><br>ovs-vsctl --no-wait -- --may-exist add-br br-provider -- set bridge br-provider protocols=OpenFlow10,OpenFlow12,OpenFlow13,OpenFlow14,OpenFlow15<br>ovs-vsctl --no-wait br-set-external-id br-provider bridge-id br-provider<br><br>Set the ovn-bridge-mappings using the network_vlan_ranges name and the ovs external bridge name (it is exactly the same configuration applied in gw node):</div><div><br>ovs-vsctl set open . external-ids:ovn-bridge-mappings=vlan:br-provider<br><br><br>Don't forget to enable DVR for FIPs...:<br><br>vi /etc/neutron/plugins/ml2/ml2_conf.ini<br>[ovn]<br>enable_distributed_floating_ip = True<br><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>
<br>
<br>
<br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_quote">
<div><span style="color:rgb(23,43,77);font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap;background-color:rgb(244,245,247)">ovs-vsctl remove open . external-ids ovn-cms-options="enable-chassis-as-gw"
</span><span style="box-sizing:border-box;padding-left:8px;margin-right:8px;text-align:right;float:left;font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap;background-color:rgb(244,245,247);display:inline-block;padding-right:8px"></span><span style="color:rgb(23,43,77);font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap;background-color:rgb(244,245,247)">ovs-vsctl remove open . external-ids ovn-bridge-mappings
</span><span style="box-sizing:border-box;padding-left:8px;margin-right:8px;text-align:right;float:left;font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap;background-color:rgb(244,245,247);display:inline-block;padding-right:8px"></span><span style="color:rgb(23,43,77);font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap;background-color:rgb(244,245,247)">ip link set br-provider-name down
</span><span style="box-sizing:border-box;padding-left:8px;margin-right:8px;text-align:right;float:left;font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap;background-color:rgb(244,245,247);display:inline-block;padding-right:8px"></span><span style="color:rgb(23,43,77);font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap;background-color:rgb(244,245,247)">ovs-vsctl del-br </span><span style="color:rgb(23,43,77);font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap;background-color:rgb(244,245,247)">br-provider-name</span><span style="color:rgb(23,43,77);font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap;background-color:rgb(244,245,247)">
</span><span style="box-sizing:border-box;padding-left:8px;margin-right:8px;text-align:right;float:left;font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap;background-color:rgb(244,245,247);display:inline-block;padding-right:8px"></span><span style="color:rgb(23,43,77);font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap;background-color:rgb(244,245,247)">systemctl restart ovn-controller
</span><span style="box-sizing:border-box;padding-left:8px;margin-right:8px;text-align:right;float:left;font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap;background-color:rgb(244,245,247);display:inline-block;padding-right:8px"></span><span style="color:rgb(23,43,77);font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap;background-color:rgb(244,245,247)">systemctl restart openvswitch-switch
</span><span style="box-sizing:border-box;padding-left:8px;margin-right:8px;text-align:right;float:left;font-family:SFMono-Medium,"SF Mono","Segoe UI Mono","Roboto Mono","Ubuntu Mono",Menlo,Consolas,Courier,monospace;font-size:14px;white-space:pre-wrap;background-color:rgb(244,245,247);display:inline-block;padding-right:8px"></span></div>
<div><br>
</div>
</div>
</div>
</blockquote>
<br>
<br>
<br>
<pre cols="72">--
Gary Molenkamp Science Technology Services
Systems Administrator University of Western Ontario
<a href="mailto:molenkam@uwo.ca" target="_blank">molenkam@uwo.ca</a> <a href="http://sts.sci.uwo.ca" target="_blank">http://sts.sci.uwo.ca</a>
(519) 661-2111 x86882 (519) 661-3566</pre>
</div>
</blockquote></div></div>
<br>
<div style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em"><div style="color:rgb(97,97,97);font-family:'Open Sans';font-size:14px;line-height:21px;background-color:rgb(255,255,255)"><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8000001907349px;line-height:normal"><div style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em"><div style="color:rgb(97,97,97);font-family:'Open Sans';font-size:14px;line-height:21px"><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8000001907349px;line-height:normal"><br></div></div></div><div style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em"><i style="font-family:arial,sans-serif;font-size:x-small">‘Esta mensagem é direcionada apenas para os endereços constantes no cabeçalho inicial. Se você não está listado nos endereços constantes no cabeçalho, pedimos-lhe que desconsidere completamente o conteúdo dessa mensagem e cuja cópia, encaminhamento e/ou execução das ações citadas estão imediatamente anuladas e proibidas’.</i></div><div style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em"><p style="font-family:arial,sans-serif;text-align:justify"><i><font size="1"> </font></i><i><font size="1">‘Apesar do Magazine Luiza tomar todas as precauções razoáveis para assegurar que nenhum vírus esteja presente nesse e-mail, a empresa não poderá aceitar a responsabilidade por quaisquer perdas ou danos causados por esse e-mail ou por seus anexos’.</font></i></p></div></div></div></div>