[Openstack-operators] Help with multiple external network in openstack

Fox, Kevin M Kevin.Fox at pnnl.gov
Fri Jun 5 15:01:53 UTC 2015


Since you are passing the tagged physical network device eth1.803 into the bridge, I think you need to use a flat network in the config/ external network create command. Otherwise it may do nested vlan tags.

Thanks,
Kevin

________________________________
From: Geo Varghese
Sent: Friday, June 05, 2015 5:38:33 AM
To: Miguel A Diaz Corchero
Cc: openstack-operators at lists.openstack.org
Subject: Re: [Openstack-operators] Help with multiple external network in openstack

Hi Miguel,

I am adding my content of /etc/neutron/plugins/ml2/ml2_conf.ini of controller

[ml2]
type_drivers = gre,vlan
tenant_network_types = gre,vlan
mechanism_drivers = openvswitch

[ml2_type_flat]
flat_networks =

[ml2_type_vlan]
network_vlan_ranges = physnet1:803:803,physnet2:805:805

[ml2_type_gre]
tunnel_id_ranges = 1:1000

[ml2_type_vxlan]
vni_ranges =
vxlan_group =

[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]
local_ip = 192.168.100.74
tunnel_type = gre
enable_tunneling = True
bridge_mappings = physnet1:br-ex803,physnet2:br-ex805

The content of /etc/neutron/l3_agent.ini of controller

[DEFAULT]
debug = True
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
gateway_external_network_id =
handle_internal_only_routers = True
external_network_bridge =
metadata_port = 9697
send_arp_for_ha = 3
periodic_interval = 40
periodic_fuzzy_delay = 5
router_delete_namespaces = False


Content of ovs-vsctl show  after creating the bridges

root at Node25:/home/geo# ovs-vsctl show
cd31399c-bdb7-4b79-9d51-acbec1a41619
    Bridge br-int
        fail_mode: secure
        Port int-br-ex
            Interface int-br-ex
        Port "qr-221f276d-81"
            tag: 1
            Interface "qr-221f276d-81"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "int-br-ex805"
            Interface "int-br-ex805"
        Port "int-br-ex803"
            Interface "int-br-ex803"
        Port "qg-d3568030-c3"
            tag: 2
            Interface "qg-d3568030-c3"
                type: internal
        Port "tapd7bacca2-15"
            tag: 1
            Interface "tapd7bacca2-15"
                type: internal
        Port br-int
            Interface br-int
                type: internal
    Bridge "br-ex803"
        Port "eth1.803"
            Interface "eth1.803"
        Port "phy-br-ex803"
            Interface "phy-br-ex803"
        Port "br-ex803"
            Interface "br-ex803"
                type: internal
    Bridge br-tun
        Port "gre-c0a864fe"
            Interface "gre-c0a864fe"
                type: gre
                options: {in_key=flow, local_ip="192.168.100.74", out_key=flow, remote_ip="192.168.100.254"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge "br-ex805"
        Port "phy-br-ex805"
            Interface "phy-br-ex805"
        Port "br-ex805"
            Interface "br-ex805"
                type: internal
        Port "eth1.805"
            Interface "eth1.805"
    ovs_version: "2.0.2"


External network added by following commands

External network 1 =>

 neutron net-create ext-net1 --shared --router:external=True --provider:physical_network physnet1 --provider:network_type vlan --provider:segmentation_id 803

neutron subnet-create ext-net1 --name ext-subnet1 --allocation-pool start=192.168.200.150,end=192.168.200.160 --disable-dhcp 192.168.200.0/24<http://192.168.200.0/24>

External network 2 =>
neutron net-create ext-net2 --shared --router:external=True --provider:physical_network physnet2 --provider:network_type vlan --provider:segmentation_id 805

neutron subnet-create ext-net2 --name ext-subnet1 --allocation-pool start=192.168.123.150,end=192.168.123.160 --disable-dhcp 192.168.123.0/24<http://192.168.123.0/24>

Please update if you need any other details.

Thanks again for your time.


On Fri, Jun 5, 2015 at 5:05 PM, Geo Varghese <gvarghese at aqorn.com<mailto:gvarghese at aqorn.com>> wrote:
Hi Miguel,

Thanks for getting back to me.

I have already restarted both machines - controller and compute

Do i need to paste any commands or conf to debug it?


On Fri, Jun 5, 2015 at 4:55 PM, Miguel A Diaz Corchero <miguelangel.diaz at externos.ciemat.es<mailto:miguelangel.diaz at externos.ciemat.es>> wrote:
El 05/06/15 13:07, Geo Varghese escribió:
I tried it but somethig missing still, ping to floating IP seems not working
please, try to restart the L3 agent linked with that floating IP and let us know

do we have to add any changes to compute node  for it?
it shouldn't be necessary

Miguel.



On Fri, Jun 5, 2015 at 12:16 PM, Geo Varghese <gvarghese at aqorn.com<mailto:gvarghese at aqorn.com>> wrote:
Miguel,

Thanks thats a great link. Let me try it.

On Fri, Jun 5, 2015 at 12:04 PM, Miguel A Diaz Corchero <miguelangel.diaz at externos.ciemat.es<mailto:miguelangel.diaz at externos.ciemat.es>> wrote:
Following this link I configured it in my infrastructure. Maybe this can also help you.

https://www.softwareab.net/wordpress/openstack-adding-external-networks-neutron-gre/

Miguel.

El 04/06/15 23:15, Geo Varghese escribió:
Thanks a lot friend for explaining it. I am also using ubuntu.

let me try it. I will update you with the results.

On Fri, Jun 5, 2015 at 2:20 AM, Abrahams.Noah <Noah.Abrahams at igt.com<mailto:Noah.Abrahams at igt.com>> wrote:
Hi Geo,

First a disclaimer: I’m working on Ubuntu and Icehouse, so you might have different behavior, based on your distributions.  Also, I don’t have all the specifics and flags you might need, but hopefully this can point you in the right direction.  Also, also, the design below accounts for some VLAN segregation, and may be more complicated than what you need.

Since you already have the eth devices created, and assuming your routing is correct: I would create a new bridge for each vlan with ovs-vsctl (say, br-ex803 and br-ex805).  If you look at http://openvswitch.org/support/dist-docs/ovs-vsctl.8.txt you can find the syntax for add-br to create the bridge, then add-port to bind it to the eth device.  You can also use ovs-vsctl to set the trunks property on the port, after it’s created, which you’ll need for the vlan tagging.  Then, create a new physnet to match each one of those (physnet3, physnet4, etc) and include them in the bridge-mapping as “physnet3:br-ex803”, or something similar, and specify the VLANs as belonging to that particular physnet in the network_vlan_ranges parameter, like “…physnet3:803,physnet4:805”.

After all that, you’ll need to update the neutron sql database so the entry in the network segments table will point to the correct physnet.  Search it by the UUID of the network you’re creating, and update the physical_network property to match “physnet3” or whatever you create.  Then you can create a subnet from that network, allocate from it, and it should work.  You’ll also need to restart the openvswitch-agent and the L3-agent, probably before you create the subnet.

Noah Abrahams
Staff Engineer @ IGT  |  Central Platforms and Apps

From: Geo Varghese [mailto:gvarghese at aqorn.com<mailto:gvarghese at aqorn.com>]
Sent: Thursday, June 04, 2015 12:43 PM
To: Abrahams.Noah
Cc: openstack-operators at lists.openstack.org<mailto:openstack-operators at lists.openstack.org>
Subject: Re: [Openstack-operators] Help with multiple external network in openstack

Hi Noah,

Thanks a lot for valuable inputs.

I am using vlan tags for 2 external network and it configured on eth1.

The two interfaces for multiple external networks are eth1.803 and eth1.805

Currently i didn't created br-ex bridge as it is multiple network.


I have added vlan rages as =>

network_vlan_ranges = physnet1:100:2999

bridge_mappings as

bridge_mappings =


Can you please explain what are the configurations I have to do to implement it.

Thanks for your time.


On Fri, Jun 5, 2015 at 12:18 AM, Abrahams.Noah <Noah.Abrahams at igt.com<mailto:Noah.Abrahams at igt.com>> wrote:
Geo,

You also need to set the gateway_external_network_id variable to empty.  If you don’t, the L3 agent is either using the gateway from the network with the specified UUID, or can’t figure out which one to use.

Also, if the networks have VLAN tags that would be handled by the switch, you might need to create that network on an entirely separate bridge (for example: br-ex2) and bind it to your physical interface.  After you do that, go through all the associations, such as adding the new physnet# in your bridge mappings and vlan ranges in your ml2_conf.ini.

Noah Abrahams
Staff Engineer @ IGT  |  Central Platforms and Apps

From: Geo Varghese [mailto:gvarghese at aqorn.com<mailto:gvarghese at aqorn.com>]
Sent: Thursday, June 04, 2015 6:26 AM
To: openstack-operators at lists.openstack.org<mailto:openstack-operators at lists.openstack.org>; openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Subject: [Openstack-operators] Help with multiple external network in openstack

Hi Team,
I need some help to setup multiple external network

In normal single external network we create br-ex bridge and add it in
/etc/neutron/l3_agent.ini
As

external_network_bridge = br-ex
It is working for me.
But in the case of multiple external network, this variable to be set to empty according to the docs. I did that but seems working.
Any one please specify whta other changes i have to do to make it working.
Thanks for your support guys.


--
Regards,
Geo Varghese
CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.



--
--
Regards,
Geo Varghese
CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.



--
--
Regards,
Geo Varghese



_______________________________________________
OpenStack-operators mailing list
OpenStack-operators at lists.openstack.org<mailto:OpenStack-operators at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators



_______________________________________________
OpenStack-operators mailing list
OpenStack-operators at lists.openstack.org<mailto:OpenStack-operators at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators




--
--
Regards,
Geo Varghese



--
--
Regards,
Geo Varghese




--
--
Regards,
Geo Varghese



--
--
Regards,
Geo Varghese
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150605/0a1e554e/attachment.html>


More information about the OpenStack-operators mailing list