[Openstack] Help with multiple external network in openstack

James Denton james.denton at rackspace.com
Sat Jun 6 00:13:59 UTC 2015


Hi Geo,

When configuring multiple provider bridges, try to think of a 1:1 relationship between a provider bridge and a physical interface on the host that connects to a particular switching layer (in many cases). For example:

br-eth0 is a bridge containing eth0. Eth0 connects to a switching infrastructure behind a firewall.

br-eth1 is a bridge containing eth1. Eth1 connects to a dedicated backup infrastructure.

There are countless combinations here, and they depend greatly on your network infrastructure.

Now, for each of these bridges I am allowed a single flat network and up to ~4,096 vlans. The real number will depend on the physical infrastructure, however.

When using OVS, you will create your provider bridges using the 'ovs-vsctl add-br' command. You will need to add a physical interface to each of those bridges using the 'ovs-vsctl add-port' command. Within the ML2 conf file, you will define the provider label to provider bridge mappings. Using my examples above, it may look like this:

externalnet:br-eth0,backupnet:br-eth1

So when I go to create my network (as an admin) I can specify the provider attributes including label name, segmentation id, and network type. If I wanted to create a Neutron network that used vlan id 200 on my external infrastructure I would use the following attributes:

Network type: vlan
Provider label: externalnet
Segmentation id: 200

If I create a router and use externalnet as the network in the 'router-gateway-set' command, the OVS agent is smart enough to put the flow rules that manipulate traffic on both br-int (where my router qg and qr ports live) and the br-eth0 bridge thanks to the mappings I defined in the ML2 conf file. If I create a network using the backupnet label, the OVS agent would put rules on br-int and br-eth1, accordingly.

Now, network_vlan_ranges is used specifically for tenant network allocation. Non-admin users have no visibility into the network type, ids, bridges, etc. So, if tenant_network_types is set to vlan, you can define WHICH provider bridge is used and the IDs to be allocated when a tenant creates a network. You may have an interface and corresponding bridge dedicated to tenant network traffic, so tenantnet:br-eth2, for example. You could set the network_vlan_ranges to tenantnet:1000:1999, which would allow tenants to create 2000 vlans. When they're gone, tenants cannot create add'l networks. Tenant_network_types is an ordered list, so you could have vlan,vxlan,gre, for example. When the vlans have been consumed, it moves to vxlan then to gre.

All of the tenant network stuff is abstracted from the user, so they have no idea WHAT type of network they've created. Just FYI.

I apologize for being a bit long-winded here. Hope this helps!

James
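
Added example (not part of the original message, and not Neutron's own code): a small Python check of the settings described above, confirming that every label given a VLAN range has a bridge mapping and that no bridge is shared by two labels. The function names and sample values are constructed for illustration; the option formats are those shown in the message.

```python
# Added example: sanity-check provider label/bridge settings before deploying.
# Option formats follow the message; all sample values are constructed.

def _entries(value):
    return [e.strip() for e in value.split(",") if e.strip()]

def parse_bridge_mappings(value):
    """'externalnet:br-eth0,backupnet:br-eth1' -> {label: bridge}"""
    mappings = {}
    for entry in _entries(value):
        label, sep, bridge = entry.partition(":")
        if not (sep and label and bridge):
            raise ValueError(f"malformed bridge mapping: {entry!r}")
        if label in mappings:
            raise ValueError(f"label mapped twice: {label!r}")
        mappings[label] = bridge
    return mappings

def parse_vlan_ranges(value):
    """'tenantnet:1000:1999' -> {label: [(low, high)]}; a bare label gets []."""
    ranges = {}
    for entry in _entries(value):
        parts = entry.split(":")
        if len(parts) not in (1, 3) or not parts[0]:
            raise ValueError(f"malformed VLAN range: {entry!r}")
        spans = ranges.setdefault(parts[0], [])
        if len(parts) == 3:
            low, high = int(parts[1]), int(parts[2])
            if not 1 <= low <= high <= 4094:  # valid 802.1Q VLAN IDs
                raise ValueError(f"VLAN IDs out of range: {entry!r}")
            spans.append((low, high))
    return ranges

def check(bridge_mappings, network_vlan_ranges):
    """Return inconsistencies between the two option values."""
    bridges = parse_bridge_mappings(bridge_mappings)
    findings, owner = [], {}
    for label, bridge in bridges.items():
        if bridge in owner:  # breaks the 1:1 label-to-bridge relationship
            findings.append(f"{bridge} shared by {owner[bridge]} and {label}")
        owner.setdefault(bridge, label)
    for label in parse_vlan_ranges(network_vlan_ranges):
        if label not in bridges:
            findings.append(f"{label} has a VLAN range but no bridge mapping")
    return findings

if __name__ == "__main__":
    print(check("externalnet:br-eth0,backupnet:br-eth1", "tenantnet:1000:1999"))
```

An empty list means the two values agree; each finding names the label or bridge to fix before restarting the agent.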







On Jun 5, 2015, at 2:45 AM, Geo Varghese <gvarghese at aqorn.com> wrote:

Kevin,

Thanks for the reply.

Have added these names of external network in any other configurations

On Fri, Jun 5, 2015 at 4:18 AM, Fox, Kevin M <Kevin.Fox at pnnl.gov> wrote:
Those are the 4 external networks. In this cloud, they are all linux bridges.

I'm not using vlan tagging on this cloud, so I'm not sure what that would look like.

Thanks,
Kevin
________________________________
From: Geo Varghese [gvarghese at aqorn.com]
Sent: Thursday, June 04, 2015 1:02 PM
To: Fox, Kevin M
Cc: openstack-operators at lists.openstack.org; openstack at lists.openstack.org
Subject: Re: Help with multiple external network in openstack

Kevin,

Thanks. Can you please explain these values

pub:br-pub,scz:br-scz,osg:br-osg,mgmt:br-mgmt

These 4 networks are external networks? How did you create these bridges?

Can you please specify the value added for

network_vlan_ranges =

Are you using vlan tag for external network?

Sorry for many questions :)





---------- Forwarded message ----------
From: Fox, Kevin M <Kevin.Fox at pnnl.gov>
Date: Fri, Jun 5, 2015 at 1:24 AM
Subject: RE: Help with multiple external network in openstack
To: Geo Varghese <gvarghese at aqorn.com>
Cc: openstack-operators at lists.openstack.org, openstack at lists.openstack.org


In /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini currently we have:
bridge_mappings = pub:br-pub,scz:br-scz,osg:br-osg,mgmt:br-mgmt

Thanks,
Kevin
________________________________
From: Geo Varghese [gvarghese at aqorn.com]
Sent: Thursday, June 04, 2015 12:29 PM
To: Fox, Kevin M
Cc: openstack-operators at lists.openstack.org; openstack at lists.openstack.org
Subject: Re: Help with multiple external network in openstack

Thanks for the reply Kevin.

Currently bridge mapping is empty string.

As I am not creating br-ex bridge due to multiple external network. Can you please explain what I have to do.

On Thursday, June 4, 2015, Fox, Kevin M <Kevin.Fox at pnnl.gov<mailto:Kevin.Fox at pnnl.gov>> wrote:
Bridge mappings set in plugin.ini?

Thanks,
Kevin

________________________________
From: Geo Varghese
Sent: Thursday, June 04, 2015 6:25:46 AM
To: openstack-operators at lists.openstack.org; openstack at lists.openstack.org
Subject: [Openstack-operators] Help with multiple external network in openstack

Hi Team,

I need some help to setup multiple external network

In normal single external network we create br-ex bridge and add it in

/etc/neutron/l3_agent.ini

As

external_network_bridge = br-ex

It is working for me.


But in the case of multiple external network, this variable to be set to empty according to the docs. I did that but seems working.

Anyone please specify what other changes I have to do to make it work.

Thanks for your support guys.


--
Regards,
Geo Varghese


