[Openstack-operators] [neutron] multiple external networks on the same host NIC

Mike Spreitzer mspreitz at us.ibm.com
Mon Apr 27 16:49:52 UTC 2015


Uwe Sauter <uwe.sauter.de at gmail.com> wrote on 04/27/2015 10:54:15 AM:

> Am 27.04.2015 um 16:36 schrieb Mike Spreitzer:
> > Uwe Sauter <uwe.sauter.de at gmail.com> wrote on 04/25/2015 04:17:35 PM:
> > 
> >> Or instead of using Linux bridges you could use a manually created
> >> OpenVSwitch bridge. This allows you to add "internal"
> >> ports that could be used by Neutron like any other interface.
> >>
> >> - Create OVS bridge
> >> - Add your external interface to OVS bridge
> >>   * If your external connection supports/needs VLANs, configure
> >> external interface as trunk
> >> - Add any number of internal interfaces to OVS bridge
> >>   * Tag each interface with its VLAN ID, if needed
> >> - Configure Neutron to use one internal interface for each subnet
> >> you'd like to use (no VLAN configuration required as
> >> this happenes outside of Neutron)
> >>
> >> Regards,
> >>
> >>    Uwe
> >>
> >> Am 25.04.2015 um 21:41 schrieb George Shuklin:
> >> > Can you put them to different vlans? After that it would be 
> very easy task.
> >> >
> >> > If not, AFAIK, neutron does not allow this.
> >> >
> >> > Or you can trick it thinking it is (are) separate networks.
> >> >
> >> > Create brige (br-join), plug eth to it.
> >> > Create to fake external bridges (br-ex1, br-ex2). Join them
> >> together to br-join by patch links
> >> > (http://blog.scottlowe.org/2012/11/27/connecting-ovs-bridges-with-
> >> patch-ports/)
> >> >
> >> > Instruct neutron like there is two external networks: one on br-
> >> ex1, second on br-ex2.
> >> >
> >> > But be alert that this not very stable configuration, you need to
> >> maintain it by yourself.
> >> >
> >> > On 04/25/2015 10:13 PM, Mike Spreitzer wrote:
> >> >> Is there a way to create multiple external networks from
> >> Neutron's point of view, where both of those networks are
> >> >> accessed through the same host NIC?  Obviously those networks
> >> would be using different subnets.  I need this sort of
> >> >> thing because the two subnets are treated differently by the
> >> stuff outside of OpenStack, so I need a way that a tenant
> >> >> can get a floating IP of the sort he wants.  Since Neutron
> >> equates floating IP allocation pools with external
> >> >> networks, I need two external networks.
> >> >>
> >> >> I found, for example, http://www.marcoberube.com/archives/248---
> >> which describes how to have multiple external
> >> >> networks but uses a distinct host network interface for each one.
> > 
> > Now that I have found my bridge_mappings configuration statement, 
> I can return to thinking about what you said.  It sounds very
> > similar to what George said --- it is just that you suggest an OVS
> switch in place of George's br-join (which I had assumed was
> > also an OVS switch, since it is named like the others).  Do I have
> this right?
> > 
> > Thanks,
> > Mike
> > 
> 
> Mike,
> 
> 
> if I understood Georges answer correctly he suggested one bridge 
> (br-join, either OVS or linux bridge) to connect other bridges
> via patch links, one for each external network you'd like to create.
> These second level bridges are then used for the Neutron
> configuration:
> 
>                 br-ext1 -> Neutron
>                /
>             patch-link
>              /
> ethX –br-join
>              \
>             patch-link
>                \
>                 br-ext2 -> Neutron
> 
> 
> 
> I suggested to use an OVS bridge because there it'd be possible to 
> stay away from the performance-wise worse patch-links and Linux
> bridges and use "internal" interfaces to connect to Neutron directly
> – which on second thought won't work if Neutron expects a
> bridge in that place.
> 
> What I suggested later on is that you probably don't need any second
> level bridge at all. Just create a second/third external
> network with appropriate CIDR. As long as those networks are 
> externally connected to your interface (and thus the bridge) you
> should be good to go.

In parallel emails we have established that I have to do what you have 
drawn.  I need to do that the node(s) that run L3 agents.  Do I need to 
modify the bridge_mappings, flat_networks, or network_vlan_ranges 
configuration statement on the other nodes (compute hosts)?

Thanks,
Mike


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150427/3fec1260/attachment.html>


More information about the OpenStack-operators mailing list