[Openstack] Why is Neutron OVS topology the way it is?

Édouard Thuleau thuleau at gmail.com
Wed Mar 12 08:37:25 UTC 2014


Another alternative is to use the Linux bridge agent with VXLAN tunneling
instead of OVS.
Why you want to use OVS ?

With LB and VXLAN the host topology is clear and understandable.
For example a compute node with 2 VM (a and b) attached to a virtual
network (VNI #1) and another VM (c) attached to another virtual network
(VNI #2), looks like:

VM a       VM b     VM c
   \             /            |
     \         /              |
       \     /                |
       brq-#1            brq-#2
         |                    |
         |                    |
     vxlan-#1          vxlan-#2

And of course, Netfilter functionalities used for security groups works
well with this Linux bridging environment.
But, I recommend to use at least version 3.11 of the Linux kernel (that the
version use by Ubuntu LTS 12.04.4)

Regards,
Édouard.



On Tue, Mar 11, 2014 at 3:57 PM, Robert van Leeuwen <
Robert.vanLeeuwen at spilgames.com> wrote:

> > I was playing with OpenStack Neutron with OVS plugin. When I launch VMs,
> I noticed that there is a Linux
> > bridge (qbrxxx) created for each VM, which is then connected to the OVS
> bridge (ovs-int). See the following.
> > My question is, why couldn't VMs be directly connected to br-int
> (without qbr Linux bridges)? Why do we create
> > additional Linux bridges between OVS bridge and VMs? What is the role of
> Linux bridges here?
>
> This is, depending on your setup, not strictly necessary.
> Depending on the plugin you select you will get these.
> Note that the openvswitch setup with security groups enabled needs these
> devices.
> This is because without them traffic will never hit iptables on the
> compute node.
>
> There is currently work in progress to copy the iptables functionality to
> openvswitch/openflow rules so this setup is no longer needed.
>
> Cheers,
> Robert van Leeuwen
>
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140312/13196c57/attachment.html>


More information about the Openstack mailing list