[Openstack] Changing quantum/neutron OVS Plugin

Robert van Leeuwen Robert.vanLeeuwen at spilgames.com
Fri Sep 13 17:05:13 UTC 2013 

>> On 9/11/2013 3:29 AM, Geraint Jones wrote:
>> We are using "tenant_network_type = gre"
>> 2.) The network node load is never under 3.5 – 4. This seems to be the case if we are doing 10mbit or 800mbit.
>> 3.) Network performance is unpredictable at best.


> From: Xin Zhao [xzhao at bnl.gov]
> I have a similar question. We are considering to upgrade to grizzly using OVS/vlan model, if I understand the doc correctly,
> all the external traffic and internal intra-virtual network traffic go through the network host, which makes the network host a
> single point of failure, and high loaded. So my question is, how people deal with this bottleneck in network node? Is it possible
> to deploy multiple network nodes, or using other plugin, like OpenFlow, is the solution ?

Hi,

Using VLANs should be less of a problem load-wise since it can use tcp-offloading on the NIC.
GRE tunnels cannot do this.

All traffic will go through the l3-agent. 
You can have multiple l3 agents but only one l3 agent per network can be active at the time so this is a SPOF. 
There was a plan to have multiple l3 agents per network for Grizzly but that never made it.
I looked at the Havana bug fixes but it *seems* that the functionality is still not there yet.

Until there is a HA option for the l3 agent  you will have to create your own way of providing HA:

1) Use Pacemaker to provide HA for the l3-agent 
2) Use your normal (HA) router: since you are going to use VLANs you can create those interfaces on your router. 
    If you have full control over network creation you can just create a config manually / script it.
    If you do not have full control (e.g. allowing 3rd party's to create their own networking) you would have to integrate your router with Neutron
    ( Not sure if there are 3rd party router drivers already implemented, would be nice if someone could give some clarity on this. 
      I would like Vyatta support :)
3) Patch what ever needs access to your machines directly into the a VLAN the Openstack machine has so you do not need to route traffic. 
    e.g. patch your load-balancer directly into the VLAN of your webservers.
    You probably still need a router / l3-agent to access the machine for management but that becomes way less critical if the production traffic does not hit it.

We are currently using 3 and will look into 1 & 2 after the Havana release. (if the l3-agent is still not possible with HA.)

Cheers,
Robert van Leeuwen

More information about the Openstack mailing list