Open Stack

>After all these, we create *veth/tap* (as vm/containers vNIC) and plugin
it into *qbr* then we're able to talk with other vms/containers on the same
network through *veth/tap*, am I understanding it right?

Yes, this last step of creating a veth/tap is missing from my script
because I didn't need actual dataplane communication for the tests I was
doing.

>1) isn't it necessary that *veth/tap*'s mac address same as neutron *port*'s
mac address?

Yeah, if you attach something to qbr to behave like the VM interface, you
will need it to be using the mac address of the neutron port, or else the
neutron anti-spoofing rules will prevent it from communicating.


>2) after we plug *qvo* into ovs *br-int*, neutron just automatically add
flows into ovs bridge?

Yes, the agent will receive to the new port event from ovs, retrieve port
details from the server and then setup the flows.

On Fri, May 19, 2017 at 12:09 AM, duhongwei <duhongwei at qiniu.com> wrote:

>
> This script seems easy and cool!
>
> So first we have to create a logical neutron *port*, then create *qbr*,
> *qvo* and *qvb*, and plug *qvb* into *qbr*, finally plug *qvo* into ovs
> *br-int*. After all these, we create *veth/tap* (as vm/containers vNIC)
> and plugin it into *qbr* then we're able to talk with other
> vms/containers on the same network through *veth/tap*, am I understanding
> it right?
>
> Questions,
>
> 1) isn't it necessary that *veth/tap*'s mac address same as neutron *port*'s
> mac address?
> 2) after we plug *qvo* into ovs *br-int*, neutron just automatically add
> flows into ovs bridge?
>
> Regards,
> Dastan
>
> ------------------ Original ------------------
> *From: * "Kevin Benton"<kevin at benton.pub>;
> *Date: * Sat, May 13, 2017 07:46 AM
> *To: * "duhongwei"<duhongwei at qiniu.com>;
> *Cc: * "openstack"<openstack at lists.openstack.org>; "Vallachorum
> Tyranorum"<ardeleandanflorin at gmail.com>;
> *Subject: * Re: [Openstack] How to utilize Neutron independently with
> veths
>
> Nova is only responsible for creating the interface and plugging it into
> the OVS bridge. It's the neutron agent (or alternative neutron backend like
> OVN) responsible for setting up all of the flows.
>
> Here is a hacky script that I had used to create and delete a bunch of
> ports like Nova would that you can probably start with:
> http://paste.openstack.org/show/609478/
>
> On Fri, May 12, 2017 at 4:25 AM, duhongwei <duhongwei at qiniu.com> wrote:
>
>>
>> Thanks Kevin!
>>
>> I'll dig into neutron.agent.linux.interface to see how it works. Before
>> that, would you give me any previews about what steps should be taken to
>> add a veth to a existed Neutron network?
>>
>> Furthermore, is it Neutron who add a veth to ovs bridge or is it the
>> Neutron caller? (such as Nova)
>>
>> Who's adding flows to ovs bridge? Neutron or caller?
>>
>> Regards,
>> Dastan
>>
>> ------------------ Original ------------------
>> *From: * "Kevin Benton"<kevin at benton.pub>;
>> *Date: * Fri, May 12, 2017 10:45 AM
>> *To: * "duhongwei"<duhongwei at qiniu.com>;
>> *Cc: * "openstack"<openstack at lists.openstack.org>; "Vallachorum
>> Tyranorum"<ardeleandanflorin at gmail.com>;
>> *Subject: * Re: [Openstack] How to utilize Neutron independently with
>> veths
>>
>> You want to look in neutron.agent.linux.interface to see how things are
>> plugged into OVS. That's the module used by the L3 agent to plug into
>> OVS/linux bridge/etc.
>>
>> There is a well defined interface name format corresponding to the port
>> ID and the port ID, Mac address, and a couple of other things I can't
>> recall are set in ovsdb to help the agent identify the port as something it
>> should care about.
>>
>> On May 9, 2017 04:49, "duhongwei" <duhongwei at qiniu.com> wrote:
>>
>>>
>>> Thanks Dan!
>>>
>>> I have to write a customized CNI plugin for our product, so it's better
>>> if I know more operation details about how to interact with Neutron
>>> manually (consider myself as Nova). Therefore Kuryr is not my best option
>>> right now, but it's cool!
>>>
>>> Regards,
>>> Dastan
>>>
>>> ------------------ Original ------------------
>>> *From: * "Vallachorum Tyranorum"<ardeleandanflorin at gmail.com>;
>>> *Date: * Tue, May 9, 2017 04:08 PM
>>> *To: * "duhongwei"<duhongwei at qiniu.com>; "openstack"<openstack at lists.op
>>> enstack.org>;
>>> *Subject: * Re: [Openstack] How to utilize Neutron independently with
>>> veths
>>>
>>> Hi,
>>>
>>> Please take a look at Kuryr <https://wiki.openstack.org/wiki/Kuryr>.
>>> Maybe this is what you are looking for.
>>>
>>> Dan.
>>>
>>> On Tue, May 9, 2017 at 10:17 AM duhongwei <duhongwei at qiniu.com> wrote:
>>>
>>>> Hi everyone,
>>>>
>>>> I'm new to OpenStack and currently interested in the Neutron part of
>>>> it. What I'm seeking is some advice about how to utilize Neutron
>>>> independently, to build a virtual network, for Docker containers maybe.
>>>>
>>>> Suppose I've already got Neutron and Keystone installed on controller
>>>> node and compute nodes. I guess the following steps are required to test a
>>>> virtual network.
>>>>
>>>> 1) create a *network*
>>>> 2) create a *subnet*
>>>> 3) create two pairs of veths (each pair represents a vm)
>>>> *for each pair of them*:
>>>> 4) create a *port *for one end of the veth pair (passing veth's mac
>>>> address as a parameter)
>>>> 5) attach another end of the veth pair to ovs bridge
>>>> 6) ping from one veth pair to another
>>>>
>>>> The above is my general idea, don't know if it is correct and don't
>>>> know the operation details either.
>>>> Expecting your suggestions, any links are appreciated.
>>>>
>>>> Regards,
>>>> Dastan
>>>> _______________________________________________
>>>> Mailing list: http://lists.openstack.org/cgi
>>>> -bin/mailman/listinfo/openstack
>>>> Post to     : openstack at lists.openstack.org
>>>> Unsubscribe : http://lists.openstack.org/cgi
>>>> -bin/mailman/listinfo/openstack
>>>>
>>>
>>> _______________________________________________
>>> Mailing list: http://lists.openstack.org/cgi
>>> -bin/mailman/listinfo/openstack
>>> Post to     : openstack at lists.openstack.org
>>> Unsubscribe : http://lists.openstack.org/cgi
>>> -bin/mailman/listinfo/openstack
>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20170519/a56f4882/attachment.html>