[Openstack] Multiple vlan on ml2 Liberty

Ender Mujica emujicad at gmail.com
Tue Aug 23 16:29:28 UTC 2016


Hi Remo,

We are using VLAN, VXLAN, GRE and FLAT networks at the same time.


Here is some information for you. It is working for us.


#######################

#Variables:
neutron_computehost="Use the IP address or FQDN"
bridge_mappings="frontend:br-vlanfe,backend:br-vlanbe,externa:br-ex"

# If you want our installer to automatically create the neutron VLAN networks, you can
# use "yes" in vlan_network_create and list the networks, space separated, in the create list
# variable.
# Every network item must be in the form: physical-net:logical-net:vlan_id. Physical-net must be
# in your bridge_mappings above (see the sample: physical01:br-eth2). The "vlan_id" is your vlan tag.
# Sample:
# vlan_network_create_list="physical01:public:16 physical01:private:120 physical02:external:200"

vlan_network_create="yes"
vlan_network_create_list="frontend:red-vlan1:1 frontend:red-vlan2:2 backend:red-vlan4:4 backend:red-vlan5:5"

# Also, you need to set up your network vlan ranges. Sample:
# network_vlan_ranges="physical01:1:20,physical01:20:200,physical02:100:300"
# Here we are using two bridges. The first one handles vlans 1 to 3 and the second one handles vlans 4 to 6.
network_vlan_ranges="frontend:1:3,backend:4:6"


# If you want our installer to automatically create the neutron FLAT networks, you can
# use "yes" in flat_network_create and list the networks, space separated, in the create list
# variable.
# Every network item must be in the form: physical-net:logical-net. Physical-net must be
# in your bridge_mappings above (see the sample: physical01:br-eth2)
# Sample:
# flat_network_create_list="physical01:public physical01:private physical02:external physical02:internal"
flat_network_create="yes"
flat_network_create_list="externa:red-ext01"
# Also, you need to set up your physical FLAT network names. Sample:
# flat_networks="physical01,physical02"
flat_networks="externa"

# If you change the following variable to "yes", we'll include a DNSMASQ rule
# that will try to force a MTU of 1454 bytes through dhcp option 26. This is only
# needed if you are going to use GRE. If you are using vlan or flat networks, leave
# the option at "no"
forcegremtu="yes"
#
# If you are going to use gre or vxlan, change the following variables according
# to your preferred ids
tunnel_id_ranges="1:2000"
vni_ranges="1:2000"
#

# If you want our installer to automatically create the neutron GRE networks, you can
# use "yes" in gre_network_create and list the networks, space separated, in the create list
# variable.
# Every network item must be in the form: logical-net:tunnel_id. The "tunnel_id" is your gre tag, it must
# be within the "tunnel_id_ranges" variable.
# Sample:
# gre_network_create_list="grepublic:100 greprivate:110"
gre_network_create="yes"
gre_network_create_list="red-gre21:21 red-gre22:22"
#
#
# If you want our installer to automatically create the neutron VXLAN networks, you can
# use "yes" in vxlan_network_create and list the networks, space separated, in the create list
# variable.
# Every network item must be in the form: logical-net:vni_id. The "vni_id" is your vxlan tag, it must
# be within the "vni_ranges" variable.
# Sample:
# vxlan_network_create_list="vxlanpublic:100 vxlanprivate:110"
vxlan_network_create="yes"
vxlan_network_create_list="red-vxlan111:111 red-vxlan112:112"


#########################
#Configuration. Please install crudini to configure .ini files

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers "local,flat,vlan,gre,vxlan"
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers "openvswitch,l2population"
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types "flat,vlan,gre,vxlan"

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

# Only if you are going to configure VXLAN and GRE Networks
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling True

#Configuration for vlans
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vlan network_vlan_ranges "$network_vlan_ranges"
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks "$flat_networks"
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip "$neutron_computehost"
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings "$bridge_mappings"

#Configuration for VXLAN & GRE
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini agent arp_responder True
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini agent tunnel_types "gre,vxlan"
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini agent vxlan_udp_port "4789"
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini agent l2_population True

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vxlan_group "239.1.1.1"
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges "$vni_ranges"
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges "$tunnel_id_ranges"
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security



# Scripts

        if [ $vlan_network_create == "yes" ]
        then
                source $keystone_admin_rc_file

                for MyNet in $vlan_network_create_list
                do
                        echo ""
                        physicalnet=`echo $MyNet|cut -d: -f1`
                        logicalnet=`echo $MyNet|cut -d: -f2`
                        vlantagnet=`echo $MyNet|cut -d: -f3`
                        echo "Creating logical VLAN network $logicalnet on physical network: $physicalnet with TAG:$vlantagnet"
                        neutron net-create $logicalnet \
                                --shared \
                                --provider:segmentation_id $vlantagnet \
                                --provider:network_type vlan \
                                --router:external \
                                --provider:physical_network $physicalnet
                        echo ""
                        echo "VLAN Network $logicalnet created on physical net: $physicalnet with TAG ID: $vlantagnet !"
                        echo ""
                done
        fi

        if [ $flat_network_create == "yes" ]
        then
                source $keystone_admin_rc_file

                for MyNet in $flat_network_create_list
                do
                        echo ""
                        physicalnet=`echo $MyNet|cut -d: -f1`
                        logicalnet=`echo $MyNet|cut -d: -f2`
                        echo "Creating logical FLAT network $logicalnet on physical network: $physicalnet"
                        neutron net-create $logicalnet \
                                --shared \
                                --provider:segmentation_id 0 \
                                --provider:network_type flat \
                                --router:external \
                                --provider:physical_network $physicalnet
                        echo ""
                        echo "FLAT Network $logicalnet created on physical net: $physicalnet !"
                        echo ""
                done
        fi

        if [ $gre_network_create == "yes" ]
        then
                source $keystone_admin_rc_file

                for MyNet in $gre_network_create_list
                do
                        echo ""
                        logicalnet=`echo $MyNet|cut -d: -f1`
                        gretagnet=`echo $MyNet|cut -d: -f2`
                        echo "Creating logical GRE network $logicalnet with tunnel ID:$gretagnet"
                        neutron net-create $logicalnet \
                                --shared \
                                --provider:segmentation_id $gretagnet \
                                --provider:network_type gre \
                                #--router:external
                        echo ""
                        echo "GRE Network $logicalnet created with tunnel ID: $gretagnet !"
                        echo ""
                done
        fi

        if [ $vxlan_network_create == "yes" ]
        then
                source $keystone_admin_rc_file

                for MyNet in $vxlan_network_create_list
                do
                        echo ""
                        logicalnet=`echo $MyNet|cut -d: -f1`
                        vxlantagnet=`echo $MyNet|cut -d: -f2`
                        echo "Creating logical VXLAN network $logicalnet with VNI:$vxlantagnet"
                        neutron net-create $logicalnet \
                                --shared \
                                --provider:segmentation_id $vxlantagnet \
                                --provider:network_type vxlan \
                                #--router:external
                        echo ""
                        echo "VXLAN Network $logicalnet with VNI ID: $vxlantagnet !"
                        echo ""
                done
        fi



###################
#Here are some examples to create subnets using the networks created above:

#VLAN
neutron subnet-create red-vlan1 192.168.1.0/24 --dns_nameservers list=true 8.8.8.8 --enable_dhcp True --name subred-vlan1 --allocation-pool start=192.168.1.20,end=192.168.1.199
neutron subnet-create red-vlan2 192.168.2.0/24 --gateway 192.168.2.10 --dns_nameservers list=true 8.8.8.8 --enable_dhcp True --name subred-vlan2 --allocation-pool start=192.168.2.20,end=192.168.2.199
#neutron subnet-create red-vlan3 192.168.3.0/24 --dns_nameservers list=true 8.8.8.8 --enable_dhcp True --name subred-vlan3 --allocation-pool start=192.168.3.20,end=192.168.3.199
neutron subnet-create red-vlan4 192.168.4.0/24 --dns_nameservers list=true 8.8.8.8 --enable_dhcp True --name subred-vlan4 --allocation-pool start=192.168.4.20,end=192.168.4.199
neutron subnet-create red-vlan5 192.168.5.0/24 --dns_nameservers list=true 8.8.8.8 --enable_dhcp True --name subred-vlan5 --allocation-pool start=192.168.5.20,end=192.168.5.199
#neutron subnet-create red-vlan6 192.168.6.0/24 --dns_nameservers list=true 8.8.8.8 --enable_dhcp True --name subred-vlan6 --allocation-pool start=192.168.6.20,end=192.168.6.199

#FLAT
neutron subnet-create red-ext01 192.168.16.0/24 --name subred-ext01 --allocation-pool start=192.168.16.20,end=192.168.16.199 --disable-dhcp --gateway 192.168.16.1

#GRE
neutron subnet-create red-gre21 192.168.21.0/24 --dns_nameservers list=true 8.8.8.8 --enable_dhcp True --name subred-gre21 --allocation-pool start=192.168.21.20,end=192.168.21.199
neutron subnet-create red-gre22 192.168.22.0/24 --dns_nameservers list=true 8.8.8.8 --enable_dhcp True --name subred-gre22 --allocation-pool start=192.168.22.20,end=192.168.22.199

#VXLAN
neutron subnet-create red-vxlan111 192.168.111.0/24 --dns_nameservers list=true 8.8.8.8 --enable_dhcp True --name subred-vxlan111 --allocation-pool start=192.168.111.20,end=192.168.111.199
neutron subnet-create red-vxlan112 192.168.112.0/24 --dns_nameservers list=true 8.8.8.8 --enable_dhcp True --name subred-vxlan112 --allocation-pool start=192.168.112.20,end=192.168.112.199


########################################
#Here is part of my /etc/network/interfaces file. By the way, we are using Ubuntu 14.04. The servers have two network interfaces and we are using openvswitch; part of the bridges are being controlled by this file. You need to create br-int separately.


root@openstack-02:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# Creates an Open vSwitch bridge/switch, equivalent to the command line
# ovs-vsctl add-br br-vlanfe
allow-ovs br-vlanfe
iface br-vlanfe inet manual
  ovs_type OVSBridge
  ovs_ports p2p1 vlan1 vlan2 vlan3
  #mtu 9000

# Creates an Open vSwitch port and adds the interface to it, equivalent to the command line
# ovs-vsctl add-port br-vlanfe p2p1
allow-br-vlanfe p2p1
iface p2p1 inet manual
  ovs_bridge br-vlanfe
  ovs_type OVSPort
  #mtu 9000

# Creates an Open vSwitch port and adds the interface whose VLAN is 1, equivalent to the command line
# ovs-vsctl add-port br-vlanfe vlan1 tag=1 -- set interface vlan1 type=internal
allow-br-vlanfe vlan1
iface vlan1 inet static
  ovs_bridge br-vlanfe
  ovs_type OVSIntPort
  ovs_options tag=1
  ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)
  address 192.168.1.12
  netmask 255.255.255.0
  #mtu 9000

# Creates an Open vSwitch port and adds the interface whose VLAN is 2, equivalent to the command line
# ovs-vsctl add-port br-vlanfe vlan2 tag=2 -- set interface vlan2 type=internal
allow-br-vlanfe vlan2
iface vlan2 inet static
  ovs_bridge br-vlanfe
  ovs_type OVSIntPort
  ovs_options tag=2
  ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)
  address 192.168.2.12
  gateway 192.168.2.10
  netmask 255.255.255.0
  dns-nameservers 8.8.8.8
  #mtu 9000

# Creates an Open vSwitch port and adds the interface whose VLAN is 3, equivalent to the command line
# ovs-vsctl add-port br-vlanfe vlan3 tag=3 -- set interface vlan3 type=internal
allow-br-vlanfe vlan3
iface vlan3 inet static
  ovs_bridge br-vlanfe
  ovs_type OVSIntPort
  ovs_options tag=3
  ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)
  address 192.168.3.12
  netmask 255.255.255.0
  #mtu 9000

auto vlan11
iface vlan11 inet static
  address 192.168.11.12
  netmask 255.255.255.0
  #gateway 192.168.11.10
  vlan_raw_device p2p1

auto vlan12
iface vlan12 inet static
  address 192.168.12.12
  netmask 255.255.255.0
  #gateway 192.168.12.1
  vlan_raw_device p2p1

auto vlan13
iface vlan13 inet static
  address 192.168.13.12
  netmask 255.255.255.0
  #gateway 192.168.13.1
  vlan_raw_device p2p1

######################################################################
# Creates an Open vSwitch bridge/switch, equivalent to the command line
# ovs-vsctl add-br br-vlanbe
allow-ovs br-vlanbe
iface br-vlanbe inet manual
  ovs_type OVSBridge
  ovs_ports eth1 vlan4 vlan5 vlan6
  #mtu 9000

# Creates an Open vSwitch port and adds the interface to it, equivalent to the command line
# ovs-vsctl add-port br-vlanbe eth1
allow-br-vlanbe eth1
iface eth1 inet manual
  ovs_bridge br-vlanbe
  ovs_type OVSPort
  #mtu 9000

# Creates an Open vSwitch port and adds the interface whose VLAN is 4, equivalent to the command line
# ovs-vsctl add-port br-vlanbe vlan4 tag=4 -- set interface vlan4 type=internal
allow-br-vlanbe vlan4
iface vlan4 inet static
  ovs_bridge br-vlanbe
  ovs_type OVSIntPort
  ovs_options tag=4
  ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)
  address 192.168.4.12
  netmask 255.255.255.0
  #mtu 9000

# Creates an Open vSwitch port and adds the interface whose VLAN is 5, equivalent to the command line
# ovs-vsctl add-port br-vlanbe vlan5 tag=5 -- set interface vlan5 type=internal
allow-br-vlanbe vlan5
iface vlan5 inet static
  ovs_bridge br-vlanbe
  ovs_type OVSIntPort
  ovs_options tag=5
  ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)
  address 192.168.5.12
  netmask 255.255.255.0
  #mtu 9000

# Creates an Open vSwitch port and adds the interface whose VLAN is 6, equivalent to the command line
# ovs-vsctl add-port br-vlanbe vlan6 tag=6 -- set interface vlan6 type=internal
allow-br-vlanbe vlan6
iface vlan6 inet static
  ovs_bridge br-vlanbe
  ovs_type OVSIntPort
  ovs_options tag=6
  ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)
  address 192.168.6.12
  netmask 255.255.255.0
  #mtu 9000

auto vlan14
iface vlan14 inet static
  address 192.168.14.12
  netmask 255.255.255.0
  #gateway 192.168.14.10
  vlan_raw_device eth1

auto vlan15
iface vlan15 inet static
  address 192.168.15.12
  netmask 255.255.255.0
  #gateway 192.168.15.1
  vlan_raw_device eth1

auto vlan16
iface vlan16 inet manual
  up ifconfig $IFACE up
  up ip link set $IFACE promisc on
  down ifconfig $IFACE down
  vlan_raw_device eth1

auto br-ex
iface br-ex inet static
  address 192.168.16.12
  netmask 255.255.255.0



# I hope this information can help you.


Ender Mujica
Caracas- Venezuela.



2016-08-23 11:13 GMT-04:00 Satish Patel <satish.txt at gmail.com>:

> Remo,
>
> You mean say i should use like following, I am confused. here could
> you give me example in my context where we have 3 VLANs 10, 20 & 30
>
> [ml2_type_vlan]
> network_vlan_ranges = provider
>
> [ovs]
> bridge_mappings = provider:br-provider
>
> On Mon, Aug 22, 2016 at 10:27 PM, Remo Mattei <Remo at italy1.com> wrote:
> > Your bridge mapping looks wrong you have all of them map to the same vlan
> > nic!
> >
> > Sent from iPhone
> >
> > On 22 Aug 2016, at 19:12, Satish Patel <satish.txt at gmail.com> wrote:
> >
> > We have 3 VLAN (10,20 & 30) in our physical network on Liberty so how
> > do i define three VLAN set in my configuration should i do following
> > in ml2 plugin?
> >
> > is following method is right?
> >
> > # /etc/neutron/plugins/ml2/ml2_conf.ini
> >
> > type_drivers = vxlan,gre,vlan
> > network_vlan_ranges = vlan10:10:10,vlan20:20:20,vlan30:30:30
> >
> > #In OVS plugin
> >
> > bridge_mappings = vlan10:br-vlan,vlan20:br-vlan,vlan30:br-vlan
> >
> > #Create Network
> >
> > neutron net-create vlan10 --shared --provider:network_type vlan
> > --provider:segmentation_id 10 --provider:physical_network vlan10
> > --router:external
> >
> > neutron net-create vlan20 --shared --provider:network_type vlan
> > --provider:segmentation_id 20 --provider:physical_network vlan20
> > --router:external
> >
> > neutron net-create vlan30 --shared --provider:network_type vlan
> > --provider:segmentation_id 30 --provider:physical_network vlan30
> > --router:external
> >
> > _______________________________________________
> > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack
> > Post to     : openstack at lists.openstack.org
> > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/
> openstack



-- 
Thank you for your attention,

Sincerely,

Ing. Ender A. Mujica D.
Cel.: +58 (424) 2949015
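
The installer comments above require every physical network in a create list to appear in bridge_mappings and every tunnel id to fall inside its range, and the quoted reply flags a mapping that points several physical networks at one bridge. A pre-flight check for those conditions, as an added example that is not part of the original message; the function names are hypothetical and the sample values are copied from the thread:

```shell
#!/bin/sh
# Added example, not from the original post: sanity checks for the installer
# variables, meant to run before any "neutron net-create".

# Print each bridge that more than one physical network maps to.
shared_bridges() {  # $1 = bridge_mappings
    echo "$1" | tr ',' '\n' | cut -d: -f2 | sort | uniq -d
}

# Succeed if physical network $1 is a key in the comma-separated list $2
# (works for bridge_mappings and for network_vlan_ranges).
physnet_declared() {
    for entry in $(echo "$2" | tr ',' ' '); do
        [ "${entry%%:*}" = "$1" ] && return 0
    done
    return 1
}

# Succeed if id $1 lies inside one of the "min:max" ranges in $2
# (tunnel_id_ranges or vni_ranges).
id_in_ranges() {
    for r in $(echo "$2" | tr ',' ' '); do
        [ "$1" -ge "${r%%:*}" ] && [ "$1" -le "${r#*:}" ] && return 0
    done
    return 1
}

# Check a vlan_network_create_list ($1) against bridge_mappings ($2) and
# network_vlan_ranges ($3). Prints one line per problem; fails if any.
check_vlan_list() {
    problems=0
    for net in $1; do
        phys=$(echo "$net" | cut -d: -f1)
        name=$(echo "$net" | cut -d: -f2)
        tag=$(echo "$net" | cut -d: -f3)
        physnet_declared "$phys" "$2" || {
            echo "$name: '$phys' is not in bridge_mappings"; problems=1; }
        physnet_declared "$phys" "$3" || {
            echo "$name: '$phys' is not in network_vlan_ranges"; problems=1; }
        case "$tag" in
            ''|*[!0-9]*) echo "$name: VLAN tag '$tag' is not a number"; problems=1 ;;
            *) [ "$tag" -ge 1 ] && [ "$tag" -le 4094 ] || {
                   echo "$name: VLAN tag $tag is outside 1-4094"; problems=1; } ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# Values copied from the message above.
bridge_mappings="frontend:br-vlanfe,backend:br-vlanbe,externa:br-ex"
network_vlan_ranges="frontend:1:3,backend:4:6"
vlan_list="frontend:red-vlan1:1 frontend:red-vlan2:2 backend:red-vlan4:4 backend:red-vlan5:5"
check_vlan_list "$vlan_list" "$bridge_mappings" "$network_vlan_ranges" && echo "VLAN list OK"
id_in_ranges 21 "1:2000" && echo "GRE tunnel id 21 OK"

# Mapping from the quoted question: all three physical networks share a bridge.
shared_bridges "vlan10:br-vlan,vlan20:br-vlan,vlan30:br-vlan"   # prints br-vlan
```
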