[Openstack] Question about VXLAN support
George Mihaiescu
George.Mihaiescu at Q9.com
Thu Sep 18 13:47:22 UTC 2014
The VLAN ID is only locally significant to each compute node, so the same subnet belonging to the same tenant could have different VLAN tags on different compute nodes.
VLAN tag 1 could be used by subnet1 of tenant A on node1 and by subnet1 of tenant B on node 2, with no conflicts.
Both VXLAN and GRE add a 24-bit header, so the maximum number of tunnels is 16 million but each compute node can locally implement only a maximum of 4096 different neutron subnets.
What are the chances that you have more than 4096 instances on a compute node, each connected to a different neutron subnet?
What are the chances that you have more than 409 instances on a compute node, each connected to 10 different neutron subnets?
The same limitation applies to the Neutron node (because a tunnel endpoint exists there as well), so you cannot have a Neutron node where an L3 agent and a DHCP agent serve more than 4096 Neutron subnets, but you would hit other limits by then.
George
________________________________
From: BYEONG-GI KIM [mailto:kimbyeonggi at gmail.com]
Sent: Wednesday, September 17, 2014 10:41 PM
To: George Mihaiescu; openstack at lists.openstack.org
Subject: Re: [Openstack] Question about VXLAN support
Dear George
Thank you for the reply.
I'm a little confused about your reply.
Can the same tag number be assigned to different tenants? For example, I assume the situation where a subnet 1 is assigned tag number 1 and belongs to tenant A, and a subnet b is also assigned tag number 1 and belongs to tenant B. Or should the tag number be different even if the subnets belong to different tenants?
In the latter case, the tag number seems much more strictly limited, because a tenant can have many subnets. If a subnet has 10 subnets, which means 10 tag numbers must be assigned, OpenStack can only create about 400 tenants.
Is the VXLAN network type in OpenStack really scalable compared with VLAN or GRE? Or does the current OpenStack just provide functionality to handle the VXLAN header?
Please let me know of a good example of VXLAN usage which can provide multi-tenant scalability on OpenStack. I'd like to know whether more than 100000 tenants could be handled by VXLAN on the latest OpenStack implementation or not.
Best regards
Byeong-Gi KIM
2014-09-18 11:20 GMT+09:00 George Mihaiescu <George.Mihaiescu at q9.com>:
The internal VLAN ID is indeed limited to 4096, but this internal tag number is used to isolate different neutron subnets, not tenants.
A tenant could create 10 neutron networks each with its own subnet and then start 10 instances each attached to a separate net/subnet. If these instances would be scheduled on the same compute node then they would all use different internal VLAN IDs (locally unique to that node).
Basically, you're right that there is a built-in limitation of 4096 instances attached to 4096 different Neutron net/subnets on a compute node, but it's not realistic to actually start that many instances on a compute node.
George
________________________________
From: BYEONG-GI KIM [mailto:kimbyeonggi at gmail.com]
Sent: Wednesday, September 17, 2014 8:47 PM
To: openstack at lists.openstack.org
Subject: [Openstack] Question about VXLAN support
Hello.
I have a question about the VXLAN support on OpenStack.
As far as I know, the OVS operates like the below:
1. A tag number is created to identify each tenant, and it is used between br-int and br-tun. Furthermore the tag number is identified as a VLAN ID (I checked it via tcpdump).
2. After the packet arrived at br-tun, it is encapsulated and VNI (VXLAN Network Identifier) is attached. The binding information between the VLAN ID (tag number) and the VNI is stored in OVSDB.
If the operation is correct, it seems that the number of tenants which can be created is still limited to about 4000, which is the supported range of VLAN, because the tag number is used to identify each tenant inside br-int regardless of the supported range of VNI.
If more than 5000 tenants are created on a Compute Node, how could these be identified after the packet arrives at br-int? In theory, the 4500th tenant should have tag number 4500, but the tag number is presented as a VLAN ID, so it cannot be assigned above 4096.
Any advice and comment would really be appreciated.
Best regards
Byeong-Gi KIM
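The per-node tag allocation discussed in this thread, as an added Python sketch that is not part of the original messages and not Neutron's own code: each compute node maps a network's VNI to a locally unique VLAN tag. The class and function names and the VNI values are constructed, and the model uses the 4094 usable 802.1Q IDs (0 and 4095 are reserved).

```python
# Simplified model of per-node local VLAN allocation (illustration, not Neutron code).
USABLE_LOCAL_VLANS = range(1, 4095)   # 802.1Q IDs 0 and 4095 are reserved
MAX_VNI = 2**24 - 1                   # the VXLAN VNI is a 24-bit field


class LocalVlanExhausted(Exception):
    """Raised when a node already hosts 4094 distinct networks."""


class ComputeNode:
    def __init__(self, name):
        self.name = name
        self.vni_to_vlan = {}                            # binding used between br-int and br-tun
        self._free = list(reversed(USABLE_LOCAL_VLANS))  # pop() hands out 1, 2, 3, ...

    def plug_port(self, vni):
        """Attach an instance port on the network with this VNI; return the local tag."""
        if not 0 <= vni <= MAX_VNI:
            raise ValueError(f"VNI {vni} does not fit in 24 bits")
        if vni not in self.vni_to_vlan:                  # first port of this network on the node
            if not self._free:
                raise LocalVlanExhausted(f"{self.name}: no free local VLAN for VNI {vni}")
            self.vni_to_vlan[vni] = self._free.pop()
        return self.vni_to_vlan[vni]

    def release_network(self, vni):
        """Last port of the network left the node: its tag becomes reusable."""
        self._free.append(self.vni_to_vlan.pop(vni))


def demo():
    node1, node2 = ComputeNode("node1"), ComputeNode("node2")
    net_a, net_b = 70001, 90002                          # constructed VNIs: tenant A, tenant B
    tags = {
        "node1/A": node1.plug_port(net_a),               # tag 1 on node1
        "node2/B": node2.plug_port(net_b),               # tag 1 on node2, other tenant, no conflict
        "node2/A": node2.plug_port(net_a),               # same network as node1/A, different tag
        "node1/A again": node1.plug_port(net_a),         # second instance reuses the node's tag
    }
    # 100000 networks cloud-wide are fine when each node only hosts a few of them.
    nodes = [ComputeNode(f"n{i}") for i in range(1000)]
    for vni in range(100_000):
        nodes[vni % 1000].plug_port(vni)
    busiest = max(len(n.vni_to_vlan) for n in nodes)     # networks on the busiest node
    return tags, busiest


if __name__ == "__main__":
    print(demo())
```

Isolation on the wire depends on the VNI, which is global; the local tag only has to be unique within one node, so the per-node limit does not cap the number of tenants in the cloud.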