[Openstack-operators] help: Multiple external networks with a single L3 agent
Dan Sneddon
dsneddon at redhat.com
Fri Feb 10 22:06:49 UTC 2017
On 02/10/2017 08:39 AM, Gaurav Goyal wrote:
> Hi,
>
> I need your help to configure multiple external networks in openstack
> environment.
>
> I am using Liberty openstack. openvswitch with gre tunneling.
> I want to create multiple external networks so that all interfaces of my
> VM can be accessible to outside world.
> I need your help to config neutron for multiple external networks.
>
> should i do following changes in my existing configuration?
>
> flat_networks = *
> bridge_mappings = external:br-ex,external1:br-ex1
> ovs-vsctl add-br br-ex1
> ovs-vsctl add-port br-ex /p5p3/
>
> is it going to impact all existing VMs running in openstack environment?
>
> *
> o
>
> Edit the |/etc/neutron/plugins/ml2/ml2_conf.ini| file and
> complete the following actions:
>
> 1.
>
>
>
> 1
> 2
> 3
> 4
> 5
>
> |[ml2]|
> |...|
> |type_drivers = flat,vlan,gre,vxlan|
> |tenant_network_types = gre|
> |mechanism_drivers = openvswitch|
>
> 2.
>
> In the |[ml2_type_flat]|
>
>
> 1
> 2
> 3
>
> |[ml2_type_flat]|
> |...|
> |flat_networks = external|
>
> 3.
>
> In the |[ml2_type_gre]| section,
>
>
> 1
> 2
> 3
>
> |[ml2_type_gre]|
> |...|
> |tunnel_id_ranges = 1:1000|
>
>
> o |/etc/neutron/plugins/ml2/openvswitch_agent.ini|
>
> [root at OSKVM1 ml2]# grep -v ^# openvswitch_agent.ini|grep -v ^$
>
> [ovs]
> local_ip = 10.24.0.4
> bridge_mappings = external:br-ex
> [agent]
> tunnel_types = gre
>
> *
>
> *To configure the Layer-3 (L3) agent*
>
> The Layer-3 (L3) agent
> <http://docs.openstack.org/kilo/install-guide/install/yum/content/neutron-network-node.html> provides
> routing services for virtual networks.
>
> o
>
> |/etc/neutron/l3_agent.ini| file
>
> 1.
>
> In the |[DEFAULT]| section,
>
>
> 1
> 2
> 3
> 4
> 5
>
> |[DEFAULT]|
> |...|
> |interface_driver =
> neutron.agent.linux.interface.OVSInterfaceDriver|
> |external_network_bridge =|
> |router_delete_namespaces = True|
>
>
>
> Note
>
> The |external_network_bridge| option intentionally lacks a
> value to enable multiple external networks on a single agent.
>
> *To configure the DHCP agent*
>
> The DHCP agent
> <http://docs.openstack.org/kilo/install-guide/install/yum/content/neutron-network-node.html> provides
> DHCP services for virtual networks.
>
> 1.
>
> |/etc/neutron/dhcp_agent.ini| file
>
> 1.
>
> In the |[DEFAULT]| section,
>
>
> 1
> 2
> 3
> 4
> 5
>
> |[DEFAULT]|
> |...|
> |interface_driver =
> neutron.agent.linux.interface.OVSInterfaceDriver|
> |dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq|
> |dhcp_delete_namespaces = True|
>
> 1.
>
> |/etc/neutron/dhcp_agent.ini| file
>
> 1.
>
> In the |[DEFAULT]| section,
>
>
> 1
> 2
> 3
>
> |[DEFAULT]|
> |...|
> |dnsmasq_config_file = ||/etc/neutron/dnsmasq-neutron||.conf|
>
> 2.
>
> Created |/etc/neutron/dnsmasq-neutron.conf| file and complete the
> following action:
>
> 1.
>
> Enable the DHCP MTU option (26) and configure it to 1454 bytes:
>
>
> 1
>
> |dhcp-option-force=26,1454|
>
> *To configure the metadata agent*
>
> The metadata agent
> <http://docs.openstack.org/kilo/install-guide/install/yum/content/neutron-network-node.html> provides
> configuration information such as credentials to instances.
>
> 1.
>
> |/etc/neutron/metadata_agent.ini| file
>
> 1.
>
> In the |[DEFAULT]| section,
>
>
> 1
> 2
> 3
> 4
> 5
> 6
> 7
> 8
> 9
> 10
> 11
>
> |[DEFAULT]|
> |...|
> |auth_uri = http:||//||controller:5000|
> |auth_url = http:||//||controller:35357|
> |auth_region = RegionOne|
> |auth_plugin = password|
> |project_domain_id = default|
> |user_domain_id = default|
> |project_name = service|
> |username = neutron|
> |password = NEUTRON_PASS|
>
>
> In the |[DEFAULT]| section, configure the metadata host:
>
> 2.
>
>
> 1
> 2
> 3
>
> |[DEFAULT]|
> |...|
> |nova_metadata_ip = controller|
>
> 3.
>
>
> 4.
>
> In the |[DEFAULT]| section, configure the metadata proxy shared
> secret:
>
>
> 1
> 2
> 3
>
> |[DEFAULT]|
> |...|
> |metadata_proxy_shared_secret = METADATA_SECRET|
>
>
>
> 1.
>
> Add the external bridge:
>
> 2.
>
> # ovs-vsctl add-br br-ex
>
> 3.
>
> Add a port to the external bridge that connects to the physical
> external network interface:
>
> Replace /|INTERFACE_NAME|/ with the actual interface name. For
> example, /eth2/ or /ens256/.
>
> # ovs-vsctl add-port br-ex /p5p2/
>
> /
> /
> /Regards/
> /Gaurav Goyal/
>
>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
In my experience, I have been able to modify the bridge mappings and add
a bridge without affecting existing networks or VMs. It is required to
restart the Neutron services after making such a change, but existing
networks and ports will continue to operate while the Neutron services
restart. If you want to have the least impact, I believe that restarting
the neutron-server and L2 agents everywhere (such as openvswitch-agent)
is sufficient, you can leave your L3 agents alone.
--
Dan Sneddon | Senior Principal OpenStack Engineer
dsneddon at redhat.com | redhat.com/openstack
dsneddon:irc | @dxs:twitter
More information about the OpenStack-operators
mailing list