[Openstack] [openstack][icehouse][neutron][floatingip][br-ex]

James Denton james.denton at rackspace.com
Fri Oct 17 16:42:42 UTC 2014


Subbareddy,

Added one of my nic which has connected to trunk port of switch to br-ex , I would like create multiple external networks and use each one for them for different  tenants or if different tenants wants to create their own floating ip networks ,what is the solution?

Tenants are not able to create their own floating IP networks. That is handled by the administrator. A provider network needs the router:external attribute set to TRUE to be eligible as a floating pool.

Issues I am facing here are:

I . if I add multiple subnets to external network , how to create floating ip from specific subnet?

As far as I know, you can’t. Not sure about Juno, but in Havana there was no way to specify an address from the pool with the floatingip-create command. The address used would be the next available address. It will consume all addrs from the allocation range in subnet1, then move on to subnet2.

Ii . can I create multiple external networks with single L3 agent?

Yes, starting with Icehouse. There is no special configuration as far as i know. You can have multiple provider networks with router:external set to true.

iii.  should I create virtual interfaces like eth2.23(23 is vlan)  and add them to br-ex for each vlan?

You will not want to add multiple interfaces to the br-ex bridge if that’s what you’re using, as you would then bridge all of the vlans. Rather than using a hard-defined bridge in the l3_agent.ini, set set external_network_bridge to ‘br-int’ or just leave it blank. For every floating pool you want to create, use the net-create/subnet-create commands to create the networks and set router:external to true. Neutron will place both the qg and qr ports in the integration bridge, and leverage the corresponding provider bridge you specified in net-create.

When tenants create their router and use router-gateway-set to attach to one of the networks you created, Neutron will connect the router ports to br-int, set the internal vlan accordingly on each port, and build the corresponding flows on the integration and provider bridges.

The idea is to leverage OVS to do the VLAN tagging for you, so don’t put eth2.23 in the bridge - put eth2 in the provider bridge and specify VLAN 23 as the segmentation Id in the net-create command. You can leverage the same provider bridge for multiple VLANs when OVS does the tagging.

Hope that helps.

James



Correct me if  I am wrong in understanding  floating ip networks in neutron.


On Oct 16, 2014, at 8:05 PM, Chinasubbareddy M <chinasubbareddy_m at persistent.co.in<mailto:chinasubbareddy_m at persistent.co.in>> wrote:

Thank you so much  of your clarification james.
Can you please guide me for my second question that I asked in the mail?
If each tenant wants to create their own floating ip networks , what is the best design?

From: James Denton [mailto:james.denton at rackspace.com]
Sent: Thursday, October 16, 2014 11:12 PM
To: Chinasubbareddy M; openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Subject: Re: [Openstack] [openstack][icehouse][neutron][floatingip][br-ex]

Subbareddy,

The external bridge (br-ex), when set, is used only for the external (qg) port of the router AFAIK and does not need to connect to br-int. The internal interface of the router (qr) is connected to the integration bridge. If floating IPs are working ok, and your router is properly routing traffic to instances, then your configuration is working properly as-is. A provider bridge, like br-eth1, would connect to the integration bridge via a patch port as you’ve described.

James

From: Chinasubbareddy M <chinasubbareddy_m at persistent.co.in<mailto:chinasubbareddy_m at persistent.co.in>>
Date: Thursday, October 16, 2014 at 11:58 AM
To: "openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>" <openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>>
Subject: [Openstack] [openstack][icehouse][neutron][floatingip][br-ex]

Hi,

1.       I have successfully configured floating ips  in neutron and everything working fine , but as per the docs there should be int-br-ex and phy-br-int  veth pair should be created  between br-int and br-ex, but  that  is not created in my setup ,floating ip are working fine, Please suggest .
2.       Added one of my nic which has connected to trunk port of switch to br-ex , I would like create multiple external networks and use each one for them for different  tenants or if different tenants wants to create their own floating ip networks ,what is the solution?
Issues I am facing here are:

I . if I add multiple subnets to external network , how to create floating ip from specific subnet?
Ii . can I create multiple external networks with single L3 agent?
iii.  should I create virtual interfaces like eth2.23(23 is vlan)  and add them to br-ex for each vlan?

Correct me if  I am wrong in understanding  floating ip networks in neutron.


Here is my ovs-vsctl output:

ovs-vsctl show
f85c99e8-7423-42da-879e-8d4e3f79c7f2
    Bridge br-ex
        Port "em3.29"
            Interface "em3.29"
        Port "qg-01b3854d-fa"
            Interface "qg-01b3854d-fa"
                type: internal
        Port br-ex
            Interface br-ex
                type: internal
    Bridge "br-eth1"
        Port "phy-br-eth1"
            Interface "phy-br-eth1"
        Port "br-eth1"
            Interface "br-eth1"
                type: internal
        Port "em2"
            Interface "em2"
    Bridge br-int
        Port "qr-b70d92cb-cd"
            tag: 2
            Interface "qr-b70d92cb-cd"
                type: internal
        Port "qvoa239a290-cf"
            tag: 2
            Interface "qvoa239a290-cf"
        Port br-int
            Interface br-int
                type: internal
        Port "tapfaa69064-de"
            tag: 5
            Interface "tapfaa69064-de"
                type: internal
        Port "int-br-eth1"
            Interface "int-br-eth1"
        Port "qvo9bce9829-2a"
            tag: 5
            Interface "qvo9bce9829-2a"
        Port "tapd3e11080-82"
            tag: 2
            Interface "tapd3e11080-82"
                type: internal

regards,
subbareddy,
persistent systems ltd.

DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.

DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20141017/574b57aa/attachment.html>


More information about the Openstack mailing list