On Mon, Apr 25, 2022 at 7:52 AM Marcos Dione via discuss
<ovs-discuss@openvswitch.org> wrote:
>
>
> Hi, I'm new here, so be patient with me. In fact, I don't know much
> of OVN/OVS
> because I'm actually using it through LXD. I can follow much of what LXD
> builds for me
> at a high level, but I need something LXD doesn't provide and this led me
> here.
>
> LXD can create containers with arbitrary NICs and attach them to
> networks. The
> networks I create are now running on top of OVN and OVS; they consist of a
> switch and a
> router. These networks are completely isolated, which is good, but I need at
> least one
> of them to do the following:
>
> * Provide DHCP so one of the interfaces in the containers can get its IP from
> it.
> * Provide internet access to the containers.
> * Provide an upstream DNS server to the containers.
>
> This used to be provided by LXD with a linux bridge and dnsmasq
> running on it,
> butr LXD does not do this for OVN networks, so I have to do it myself.
>
> In my head, this sounds quite easy: create a new port on the switch,
> and
> somehow connect an interface on the host to that switch and just run dnsmasq
> on it. Let's
> look at what I did to accomplish the former:
>
>
> --- 8< ---
> # I get the switch's UUID; LXD does not create them with nice names :(
> sudo ovn-nbctl lsp-add $switch_uuid lxd-provision
> sudo ovn-nbctl lsp-set-addresses lxd-provision dynamic
>
> # then I get the MAC addr and IPv4 addr
>
> # I don't know why I have to do the following step
> sudo ovs-vsctl add-port br-int lxd-provision -- \
> set interface lxd-provision type=internal mac="[\"${mac_addr}\"]" \
> external_ids:iface-id=lxd-provision
>
> # that created an interface on the host, we have to assing the same IP to it
> sudo ip address add ${ipv4}/24 dev lxd-provision
>
> sudo ip link set lxd-provision up
> --- >8 ---
>
>
> That works, meaning that if I configure the container and the host
> properly (routes,
> forwarding, masquerading), I can ping from the container to say 1.1.1.1. My
> first set of
> questions is:
>
> Is this OK, or is it as hacky as it sounds to me?
>
> Why do I have to go all the way down to OVS to create (another?) port
> with the same
> MAC addr than the port I created at the OVN level? And similarly, why do I
> have to assign
> the _same_ IP to the external interface on the host?
OVN does not create interfaces, it sets up interfaces created
elsewhere. (e.g. by your CMS, cloud / container management system).
When you create a ovs port, you establish a link between the ovs port
and OVN port entity in db through the external_ids:iface-id attribute.
>
> LXD uses OVN's DHCP server to provide that initial IP, with these
> params:
>
> $ sudo ovn-nbctl dhcp-options-get-options 22646e19-d7d8-4917-9a55-48b2cf329b1e
> server_mac=00:16:3e:e9:5f:fc
> router=10.138.38.1 <-- change to 10.138.38.2
> server_id=10.138.38.1
> mtu=1442
> domain_name="lxd"
> lease_time=3600
>
> 10.138.38.1 is the IP of the router I barely mentioned in the second
> paragraph.
> Meanwhile the interface I just crated has IP 10.138.38.2, so I either want
> this DHCP server
> to be off and replace it with dnsmasq, or I can live with this server as long
> as I can
> configure it so the router and DNS server options can be changed so they
> point to the dnsmasq
> running on my host. But once I change at least that highlighted option (yes,
> I know I have
> to re-set all the options in one go), DHCP stops working. That leads me to
> the second (set of)
> questions:
>
> Where it the documentation for the capabilities of this DHCP server;
You can check ovn-nb(5), e.g. here:
https://man7.org/linux/man-pages/man5/ovn-nb.5.html
Search for "IPv4 DHCP Options". This will allow you to set router and
dns_server options for native DHCPv4 replies.
>
> Or can you tell me what I'm doing wrong here?
>
> I hope you got all the way down here. Thanks for listening. Cheers,
>
> -- Marcos.
>
> --
> Marcos Dione | Engineering EMEA - Installer
> Phone: +33 6 24 21 59 91
> Zoom: 261-124-4701
> https://cloudian.com/
> _______________________________________________
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
