Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
Adam, depending on your current setup and what you are trying to do, there are different possibilities. The easiest would be if you want transparent VLANs, meaning that neither Neutron nor your VM guests know about VLANs. Then you would have one bridge (earlier: br-join) where all the tagging would take place. The external interfaace would be configured as trunk while each connectick interface is taggedn with the one VLAN ID for its network (from Neutrons view still outside). If you want Neutron to manage VLANs than I'd have to think a bit more about the setup. But in this case, a bit more information about your setup would help, too. Regards, Uwe Am 28. April 2015 04:44:33 MESZ, schrieb Adam Lawson alaw...@aqorn.com: So quickly since I'm working on a similar use case: What are the requirements to implement multiple external networks on the same NIC if we *can* use VLAN tags? Is it as simple as adding the external network to Neutron the same way we did with the existing external network and trunk that subnet via VLAN#nnn? Is there any special Neuton handlers for traffic on one VLAN versus another? *Adam Lawson* AQORN, Inc. 427 North Tatnall Street Ste. 58461 Wilmington, Delaware 19801-2230 Toll-free: (844) 4-AQORN-NOW ext. 101 International: +1 302-387-4660 Direct: +1 916-246-2072 On Mon, Apr 27, 2015 at 10:22 AM, Uwe Sauter uwe.sauter...@gmail.com wrote: if I understood Georges answer correctly he suggested one bridge (br-join, either OVS or linux bridge) to connect other bridges via patch links, one for each external network you'd like to create. These second level bridges are then used for the Neutron configuration: br-ext1 - Neutron / patch-link / ethX –br-join \ patch-link \ br-ext2 - Neutron I suggested to use an OVS bridge because there it'd be possible to stay away from the performance-wise worse patch-links and Linux bridges and use internal interfaces to connect to Neutron directly – which on second thought won't work if Neutron expects a bridge in that place. What I suggested later on is that you probably don't need any second level bridge at all. Just create a second/third external network with appropriate CIDR. As long as those networks are externally connected to your interface (and thus the bridge) you should be good to go. In parallel emails we have established that I have to do what you have drawn. I need to do that the node(s) that run L3 agents. Do I need to modify the bridge_mappings, flat_networks, or network_vlan_ranges configuration statement on the other nodes (compute hosts)? Thanks, Mike I think you just need to create the cascading bridges with their inter-connects, then tell Neutron the association between secondary bridge (e.g. br-ext1, br-ext2) and external network. Then create (!) the external networks and restart Neutron. Concerning you intra-cloud networking I don't think you need to reconfigure anything as long as this is already working. Compute hosts shouldn't be affected as its not their business to know about external networks. Regards, Uwe ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -- Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
Am 27.04.2015 um 16:36 schrieb Mike Spreitzer: Uwe Sauter uwe.sauter...@gmail.com wrote on 04/25/2015 04:17:35 PM: Or instead of using Linux bridges you could use a manually created OpenVSwitch bridge. This allows you to add internal ports that could be used by Neutron like any other interface. - Create OVS bridge - Add your external interface to OVS bridge * If your external connection supports/needs VLANs, configure external interface as trunk - Add any number of internal interfaces to OVS bridge * Tag each interface with its VLAN ID, if needed - Configure Neutron to use one internal interface for each subnet you'd like to use (no VLAN configuration required as this happenes outside of Neutron) Regards, Uwe Am 25.04.2015 um 21:41 schrieb George Shuklin: Can you put them to different vlans? After that it would be very easy task. If not, AFAIK, neutron does not allow this. Or you can trick it thinking it is (are) separate networks. Create brige (br-join), plug eth to it. Create to fake external bridges (br-ex1, br-ex2). Join them together to br-join by patch links (http://blog.scottlowe.org/2012/11/27/connecting-ovs-bridges-with- patch-ports/) Instruct neutron like there is two external networks: one on br- ex1, second on br-ex2. But be alert that this not very stable configuration, you need to maintain it by yourself. On 04/25/2015 10:13 PM, Mike Spreitzer wrote: Is there a way to create multiple external networks from Neutron's point of view, where both of those networks are accessed through the same host NIC? Obviously those networks would be using different subnets. I need this sort of thing because the two subnets are treated differently by the stuff outside of OpenStack, so I need a way that a tenant can get a floating IP of the sort he wants. Since Neutron equates floating IP allocation pools with external networks, I need two external networks. I found, for example, http://www.marcoberube.com/archives/248--- which describes how to have multiple external networks but uses a distinct host network interface for each one. Now that I have found my bridge_mappings configuration statement, I can return to thinking about what you said. It sounds very similar to what George said --- it is just that you suggest an OVS switch in place of George's br-join (which I had assumed was also an OVS switch, since it is named like the others). Do I have this right? Thanks, Mike Mike, if I understood Georges answer correctly he suggested one bridge (br-join, either OVS or linux bridge) to connect other bridges via patch links, one for each external network you'd like to create. These second level bridges are then used for the Neutron configuration: br-ext1 - Neutron / patch-link / ethX –br-join \ patch-link \ br-ext2 - Neutron I suggested to use an OVS bridge because there it'd be possible to stay away from the performance-wise worse patch-links and Linux bridges and use internal interfaces to connect to Neutron directly – which on second thought won't work if Neutron expects a bridge in that place. What I suggested later on is that you probably don't need any second level bridge at all. Just create a second/third external network with appropriate CIDR. As long as those networks are externally connected to your interface (and thus the bridge) you should be good to go. Regards, Uwe ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
Uwe Sauter uwe.sauter...@gmail.com wrote on 04/25/2015 04:17:35 PM: Or instead of using Linux bridges you could use a manually created OpenVSwitch bridge. This allows you to add internal ports that could be used by Neutron like any other interface. - Create OVS bridge - Add your external interface to OVS bridge * If your external connection supports/needs VLANs, configure external interface as trunk - Add any number of internal interfaces to OVS bridge * Tag each interface with its VLAN ID, if needed - Configure Neutron to use one internal interface for each subnet you'd like to use (no VLAN configuration required as this happenes outside of Neutron) Regards, Uwe Am 25.04.2015 um 21:41 schrieb George Shuklin: Can you put them to different vlans? After that it would be very easy task. If not, AFAIK, neutron does not allow this. Or you can trick it thinking it is (are) separate networks. Create brige (br-join), plug eth to it. Create to fake external bridges (br-ex1, br-ex2). Join them together to br-join by patch links (http://blog.scottlowe.org/2012/11/27/connecting-ovs-bridges-with- patch-ports/) Instruct neutron like there is two external networks: one on br- ex1, second on br-ex2. But be alert that this not very stable configuration, you need to maintain it by yourself. On 04/25/2015 10:13 PM, Mike Spreitzer wrote: Is there a way to create multiple external networks from Neutron's point of view, where both of those networks are accessed through the same host NIC? Obviously those networks would be using different subnets. I need this sort of thing because the two subnets are treated differently by the stuff outside of OpenStack, so I need a way that a tenant can get a floating IP of the sort he wants. Since Neutron equates floating IP allocation pools with external networks, I need two external networks. I found, for example, http://www.marcoberube.com/archives/248--- which describes how to have multiple external networks but uses a distinct host network interface for each one. Now that I have found my bridge_mappings configuration statement, I can return to thinking about what you said. It sounds very similar to what George said --- it is just that you suggest an OVS switch in place of George's br-join (which I had assumed was also an OVS switch, since it is named like the others). Do I have this right? Thanks, Mike ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
Uwe Sauter uwe.sauter...@gmail.com wrote on 04/27/2015 10:54:15 AM: Am 27.04.2015 um 16:36 schrieb Mike Spreitzer: Uwe Sauter uwe.sauter...@gmail.com wrote on 04/25/2015 04:17:35 PM: Or instead of using Linux bridges you could use a manually created OpenVSwitch bridge. This allows you to add internal ports that could be used by Neutron like any other interface. - Create OVS bridge - Add your external interface to OVS bridge * If your external connection supports/needs VLANs, configure external interface as trunk - Add any number of internal interfaces to OVS bridge * Tag each interface with its VLAN ID, if needed - Configure Neutron to use one internal interface for each subnet you'd like to use (no VLAN configuration required as this happenes outside of Neutron) Regards, Uwe Am 25.04.2015 um 21:41 schrieb George Shuklin: Can you put them to different vlans? After that it would be very easy task. If not, AFAIK, neutron does not allow this. Or you can trick it thinking it is (are) separate networks. Create brige (br-join), plug eth to it. Create to fake external bridges (br-ex1, br-ex2). Join them together to br-join by patch links (http://blog.scottlowe.org/2012/11/27/connecting-ovs-bridges-with- patch-ports/) Instruct neutron like there is two external networks: one on br- ex1, second on br-ex2. But be alert that this not very stable configuration, you need to maintain it by yourself. On 04/25/2015 10:13 PM, Mike Spreitzer wrote: Is there a way to create multiple external networks from Neutron's point of view, where both of those networks are accessed through the same host NIC? Obviously those networks would be using different subnets. I need this sort of thing because the two subnets are treated differently by the stuff outside of OpenStack, so I need a way that a tenant can get a floating IP of the sort he wants. Since Neutron equates floating IP allocation pools with external networks, I need two external networks. I found, for example, http://www.marcoberube.com/archives/248--- which describes how to have multiple external networks but uses a distinct host network interface for each one. Now that I have found my bridge_mappings configuration statement, I can return to thinking about what you said. It sounds very similar to what George said --- it is just that you suggest an OVS switch in place of George's br-join (which I had assumed was also an OVS switch, since it is named like the others). Do I have this right? Thanks, Mike Mike, if I understood Georges answer correctly he suggested one bridge (br-join, either OVS or linux bridge) to connect other bridges via patch links, one for each external network you'd like to create. These second level bridges are then used for the Neutron configuration: br-ext1 - Neutron / patch-link / ethX –br-join \ patch-link \ br-ext2 - Neutron I suggested to use an OVS bridge because there it'd be possible to stay away from the performance-wise worse patch-links and Linux bridges and use internal interfaces to connect to Neutron directly – which on second thought won't work if Neutron expects a bridge in that place. What I suggested later on is that you probably don't need any second level bridge at all. Just create a second/third external network with appropriate CIDR. As long as those networks are externally connected to your interface (and thus the bridge) you should be good to go. To be precise, are you suggesting that I have just one br-ex, connected to the host NIC as usual, and in my bridge_mappings configuration statement, map all the external network names to br-ex? Thanks, Mike ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
So quickly since I'm working on a similar use case: What are the requirements to implement multiple external networks on the same NIC if we *can* use VLAN tags? Is it as simple as adding the external network to Neutron the same way we did with the existing external network and trunk that subnet via VLAN#nnn? Is there any special Neuton handlers for traffic on one VLAN versus another? *Adam Lawson* AQORN, Inc. 427 North Tatnall Street Ste. 58461 Wilmington, Delaware 19801-2230 Toll-free: (844) 4-AQORN-NOW ext. 101 International: +1 302-387-4660 Direct: +1 916-246-2072 On Mon, Apr 27, 2015 at 10:22 AM, Uwe Sauter uwe.sauter...@gmail.com wrote: if I understood Georges answer correctly he suggested one bridge (br-join, either OVS or linux bridge) to connect other bridges via patch links, one for each external network you'd like to create. These second level bridges are then used for the Neutron configuration: br-ext1 - Neutron / patch-link / ethX –br-join \ patch-link \ br-ext2 - Neutron I suggested to use an OVS bridge because there it'd be possible to stay away from the performance-wise worse patch-links and Linux bridges and use internal interfaces to connect to Neutron directly – which on second thought won't work if Neutron expects a bridge in that place. What I suggested later on is that you probably don't need any second level bridge at all. Just create a second/third external network with appropriate CIDR. As long as those networks are externally connected to your interface (and thus the bridge) you should be good to go. In parallel emails we have established that I have to do what you have drawn. I need to do that the node(s) that run L3 agents. Do I need to modify the bridge_mappings, flat_networks, or network_vlan_ranges configuration statement on the other nodes (compute hosts)? Thanks, Mike I think you just need to create the cascading bridges with their inter-connects, then tell Neutron the association between secondary bridge (e.g. br-ext1, br-ext2) and external network. Then create (!) the external networks and restart Neutron. Concerning you intra-cloud networking I don't think you need to reconfigure anything as long as this is already working. Compute hosts shouldn't be affected as its not their business to know about external networks. Regards, Uwe ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
Uwe Sauter uwe.sauter...@gmail.com wrote on 04/27/2015 01:22:35 PM: if I understood Georges answer correctly he suggested one bridge (br-join, either OVS or linux bridge) to connect other bridges via patch links, one for each external network you'd like to create. These second level bridges are then used for the Neutron configuration: br-ext1 - Neutron / patch-link / ethX –br-join \ patch-link \ br-ext2 - Neutron I suggested to use an OVS bridge because there it'd be possible to stay away from the performance-wise worse patch-links and Linux bridges and use internal interfaces to connect to Neutron directly – which on second thought won't work if Neutron expects a bridge in that place. What I suggested later on is that you probably don't need any second level bridge at all. Just create a second/third external network with appropriate CIDR. As long as those networks are externally connected to your interface (and thus the bridge) you should be good to go. In parallel emails we have established that I have to do what you have drawn. I need to do that the node(s) that run L3 agents. Do I need to modify the bridge_mappings, flat_networks, or network_vlan_ranges configuration statement on the other nodes (compute hosts)? Thanks, Mike I think you just need to create the cascading bridges with their inter-connects, then tell Neutron the association between secondary bridge (e.g. br-ext1, br-ext2) and external network. Then create (!) the external networks and restart Neutron. Concerning you intra-cloud networking I don't think you need to reconfigure anything as long as this is already working. Compute hosts shouldn't be affected as its not their business to know about external networks. So I did what George said and you drew, using OVS bridges, and it seems to be working. Thanks, Mike ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
On 2015-04-27 22:59, Mike Spreitzer wrote: Uwe Sauter uwe.sauter...@gmail.com wrote on 04/27/2015 10:54:15 AM: What I suggested later on is that you probably don't need any second level bridge at all. Just create a second/third external network with appropriate CIDR. As long as those networks are externally connected to your interface (and thus the bridge) you should be good to go. To be precise, are you suggesting that I have just one br-ex, connected to the host NIC as usual, and in my bridge_mappings configuration statement, map all the external network names to br-ex? you can only have one flat network per bridge. i don't know what's your usercase but one i had the need to map 2 different public ip address to each vm vnic, i was going to do the double bridge thing but i resolved it using allowed pairs extension. it may work for you -- 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333 ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
gustavo panizzo (gfa) g...@zumbi.com.ar wrote on 04/27/2015 11:23:13 AM: On 2015-04-27 22:59, Mike Spreitzer wrote: Uwe Sauter uwe.sauter...@gmail.com wrote on 04/27/2015 10:54:15 AM: What I suggested later on is that you probably don't need any second level bridge at all. Just create a second/third external network with appropriate CIDR. As long as those networks are externally connected to your interface (and thus the bridge) you should be good to go. To be precise, are you suggesting that I have just one br-ex, connected to the host NIC as usual, and in my bridge_mappings configuration statement, map all the external network names to br-ex? you can only have one flat network per bridge. i don't know what's your usercase but one i had the need to map 2 different public ip address to each vm vnic, i was going to do the double bridge thing but i resolved it using allowed pairs extension. it may work for you My use case is that I have two behaviorally different external subnets --- they are treated differently by stuff outside of OpenStack, with consequences that are meaningful to tenants. Thus, I have two categories of floating IP addresses, depending on which external subnet holds the floating IP address. The difference is meaningful to tenants. So I need to enable a tenant to request a floating IP address of a specific category. Since Neutron equates floating IP address allocation pool with network, I need two external networks. Both of these external subnets are present on the same actual external LAN, thus both are reached through the same host NIC. It looks to me like the allowed mac/IP address pair feature will not solve this problem. Thanks, Mike ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
Am 27.04.2015 um 17:23 schrieb gustavo panizzo (gfa): you can only have one flat network per bridge. I didn't know that. Well, than the only idea that comes to *my* mind is to have cascading bridges like George suggested. It won't matter if you use Linux bridges or OVS. I heard that OVS should perform better but cannot prove. Regards, Uwe ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
gustavo panizzo (gfa) g...@zumbi.com.ar wrote on 04/27/2015 11:23:13 AM: On 2015-04-27 22:59, Mike Spreitzer wrote: Uwe Sauter uwe.sauter...@gmail.com wrote on 04/27/2015 10:54:15 AM: What I suggested later on is that you probably don't need any second level bridge at all. Just create a second/third external network with appropriate CIDR. As long as those networks are externally connected to your interface (and thus the bridge) you should be good to go. To be precise, are you suggesting that I have just one br-ex, connected to the host NIC as usual, and in my bridge_mappings configuration statement, map all the external network names to br-ex? you can only have one flat network per bridge. i don't know what's your usercase but one i had the need to map 2 different public ip address to each vm vnic, i was going to do the double bridge thing but i resolved it using allowed pairs extension. it may work for you My use case is that I have two behaviorally different external subnets --- they are treated differently by stuff outside of OpenStack, with consequences that are meaningful to tenants. Thus, I have two categories of floating IP addresses, depending on which external subnet holds the floating IP address. The difference is meaningful to tenants. So I need to enable a tenant to request a floating IP address of a specific category. Since Neutron equates floating IP address allocation pool with network, I need two external networks. Both of these external subnets are present on the same actual external LAN, thus both are reached through the same host NIC. It looks to me like the allowed mac/IP address pair feature will not solve this problem. Sorry, I simplified too much. Here is one other critical detail. I do not really have just two different external subnets. What I really have is two behaviorally different collections of subnets. I need to make a Neutron external network for each of the two collections of external subnets. Thanks, Mike ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
Uwe Sauter uwe.sauter...@gmail.com wrote on 04/27/2015 10:54:15 AM: Am 27.04.2015 um 16:36 schrieb Mike Spreitzer: Uwe Sauter uwe.sauter...@gmail.com wrote on 04/25/2015 04:17:35 PM: Or instead of using Linux bridges you could use a manually created OpenVSwitch bridge. This allows you to add internal ports that could be used by Neutron like any other interface. - Create OVS bridge - Add your external interface to OVS bridge * If your external connection supports/needs VLANs, configure external interface as trunk - Add any number of internal interfaces to OVS bridge * Tag each interface with its VLAN ID, if needed - Configure Neutron to use one internal interface for each subnet you'd like to use (no VLAN configuration required as this happenes outside of Neutron) Regards, Uwe Am 25.04.2015 um 21:41 schrieb George Shuklin: Can you put them to different vlans? After that it would be very easy task. If not, AFAIK, neutron does not allow this. Or you can trick it thinking it is (are) separate networks. Create brige (br-join), plug eth to it. Create to fake external bridges (br-ex1, br-ex2). Join them together to br-join by patch links (http://blog.scottlowe.org/2012/11/27/connecting-ovs-bridges-with- patch-ports/) Instruct neutron like there is two external networks: one on br- ex1, second on br-ex2. But be alert that this not very stable configuration, you need to maintain it by yourself. On 04/25/2015 10:13 PM, Mike Spreitzer wrote: Is there a way to create multiple external networks from Neutron's point of view, where both of those networks are accessed through the same host NIC? Obviously those networks would be using different subnets. I need this sort of thing because the two subnets are treated differently by the stuff outside of OpenStack, so I need a way that a tenant can get a floating IP of the sort he wants. Since Neutron equates floating IP allocation pools with external networks, I need two external networks. I found, for example, http://www.marcoberube.com/archives/248--- which describes how to have multiple external networks but uses a distinct host network interface for each one. Now that I have found my bridge_mappings configuration statement, I can return to thinking about what you said. It sounds very similar to what George said --- it is just that you suggest an OVS switch in place of George's br-join (which I had assumed was also an OVS switch, since it is named like the others). Do I have this right? Thanks, Mike Mike, if I understood Georges answer correctly he suggested one bridge (br-join, either OVS or linux bridge) to connect other bridges via patch links, one for each external network you'd like to create. These second level bridges are then used for the Neutron configuration: br-ext1 - Neutron / patch-link / ethX –br-join \ patch-link \ br-ext2 - Neutron I suggested to use an OVS bridge because there it'd be possible to stay away from the performance-wise worse patch-links and Linux bridges and use internal interfaces to connect to Neutron directly – which on second thought won't work if Neutron expects a bridge in that place. What I suggested later on is that you probably don't need any second level bridge at all. Just create a second/third external network with appropriate CIDR. As long as those networks are externally connected to your interface (and thus the bridge) you should be good to go. In parallel emails we have established that I have to do what you have drawn. I need to do that the node(s) that run L3 agents. Do I need to modify the bridge_mappings, flat_networks, or network_vlan_ranges configuration statement on the other nodes (compute hosts)? Thanks, Mike ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
if I understood Georges answer correctly he suggested one bridge (br-join, either OVS or linux bridge) to connect other bridges via patch links, one for each external network you'd like to create. These second level bridges are then used for the Neutron configuration: br-ext1 - Neutron / patch-link / ethX –br-join \ patch-link \ br-ext2 - Neutron I suggested to use an OVS bridge because there it'd be possible to stay away from the performance-wise worse patch-links and Linux bridges and use internal interfaces to connect to Neutron directly – which on second thought won't work if Neutron expects a bridge in that place. What I suggested later on is that you probably don't need any second level bridge at all. Just create a second/third external network with appropriate CIDR. As long as those networks are externally connected to your interface (and thus the bridge) you should be good to go. In parallel emails we have established that I have to do what you have drawn. I need to do that the node(s) that run L3 agents. Do I need to modify the bridge_mappings, flat_networks, or network_vlan_ranges configuration statement on the other nodes (compute hosts)? Thanks, Mike I think you just need to create the cascading bridges with their inter-connects, then tell Neutron the association between secondary bridge (e.g. br-ext1, br-ext2) and external network. Then create (!) the external networks and restart Neutron. Concerning you intra-cloud networking I don't think you need to reconfigure anything as long as this is already working. Compute hosts shouldn't be affected as its not their business to know about external networks. Regards, Uwe ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
[Openstack-operators] [neutron] multiple external networks on the same host NIC
Is there a way to create multiple external networks from Neutron's point of view, where both of those networks are accessed through the same host NIC? Obviously those networks would be using different subnets. I need this sort of thing because the two subnets are treated differently by the stuff outside of OpenStack, so I need a way that a tenant can get a floating IP of the sort he wants. Since Neutron equates floating IP allocation pools with external networks, I need two external networks. I found, for example, http://www.marcoberube.com/archives/248 --- which describes how to have multiple external networks but uses a distinct host network interface for each one. Thanks, Mike___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
Uwe Sauter uwe.sauter...@gmail.com wrote on 04/25/2015 04:42:06 PM: Am 25.04.2015 um 22:28 schrieb Mike Spreitzer: From: Uwe Sauter uwe.sauter...@gmail.com Or instead of using Linux bridges you could use a manually created OpenVSwitch bridge. This allows you to add internal ports that could be used by Neutron like any other interface. - Create OVS bridge - Add your external interface to OVS bridge * If your external connection supports/needs VLANs, configure external interface as trunk - Add any number of internal interfaces to OVS bridge * Tag each interface with its VLAN ID, if needed - Configure Neutron to use one internal interface for each subnet you'd like to use (no VLAN configuration required as this happenes outside of Neutron) Regards, Uwe Am 25.04.2015 um 21:41 schrieb George Shuklin: Can you put them to different vlans? After that it would be very easy task. If not, AFAIK, neutron does not allow this. Or you can trick it thinking it is (are) separate networks. Create brige (br-join), plug eth to it. Create to fake external bridges (br-ex1, br-ex2). Join them together to br-join by patch links (http://blog.scottlowe.org/2012/11/27/connecting-ovs-bridges-with- patch-ports/) Instruct neutron like there is two external networks: one on br- ex1, second on br-ex2. But be alert that this not very stable configuration, you need to maintain it by yourself. On 04/25/2015 10:13 PM, Mike Spreitzer wrote: Is there a way to create multiple external networks from Neutron's point of view, where both of those networks are accessed through the same host NIC? Obviously those networks would be using different subnets. I need this sort of thing because the two subnets are treated differently by the stuff outside of OpenStack, so I need a way that a tenant can get a floating IP of the sort he wants. Since Neutron equates floating IP allocation pools with external networks, I need two external networks. I found, for example, http://www.marcoberube.com/archives/248--- which describes how to have multiple external networks but uses a distinct host network interface for each one. Thanks, Mike Thanks Uwe, I might try that, it sounds like the simplest thing that will work. I think I can not use VLAN tagging in my environment. I am using ML2 with OVS, and it is working now with a single external network. Should I expect to find a bridge_mappings entry in my plugin.ini? I do not find one now. This setup was mainly created by other people, so I am not sure what to expect. When using ML2 with OVS, how do I tell Neutron what my bridge mappings are? Thanks, Mike Mike, VLAN is optional in the setup I described. I just was pointing out where such a configuration could take place. As far as my experience with OVS and Neutron goes, Neutron will just ignore already existing configurations. That's also the reason why install manuals tell you to create br-int and br-ex. Regarding the exact configuration of ML2 and plugin.ini I'm not quite sure if I understand your question correctly. Are you asking how to tell Neutron which interface should be used for the different IP subnets? Perhaps you could post your plugin.ini with sensitive information replaced with something generic. Regards, Uwe Yes, I realize the VLAN tagging is just an option in the approach you are outlining. George pointed out that VLAN tagging could carry even more of the load here. I mentioned that I can not use VLAN tagging as an explanation of why I have to pursue what you are describing. Following in my plugin.ini. As you can see, it is not what I would be editing. I have already added stuff to flat_networks, in anticipation of being able to use more than one. My problem is that there is no bridge_mappings, so I can not update it to add more external networks! # This file autogenerated by Chef # Do not edit, changes will be overwritten [ml2] # (ListOpt) List of network type driver entrypoints to be loaded from # the neutron.ml2.type_drivers namespace. # # type_drivers = local,flat,vlan,gre,vxlan # Example: type_drivers = flat,vlan,gre,vxlan type_drivers = gre,flat # (ListOpt) Ordered list of network_types to allocate as tenant # networks. The default value 'local' is useful for single-box testing # but provides no connectivity between hosts. # # tenant_network_types = local # Example: tenant_network_types = vlan,gre,vxlan tenant_network_types = gre # (ListOpt) Ordered list of networking mechanism driver entrypoints # to be loaded from the neutron.ml2.mechanism_drivers namespace. # mechanism_drivers = # Example: mechanism_drivers = openvswitch,mlnx # Example: mechanism_drivers = arista # Example: mechanism_drivers = cisco,logger # Example: mechanism_drivers = openvswitch,brocade # Example: mechanism_drivers = linuxbridge,brocade
Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
Bridge mappings is an agent configuration value, it's not in the neutron server config. Run ps -ef and look for the neutron openvswitch agent process to see which configuration files it's referencing. The bridge mappings will be in one of those. On Apr 25, 2015 1:55 PM, Mike Spreitzer mspre...@us.ibm.com wrote: Uwe Sauter uwe.sauter...@gmail.com wrote on 04/25/2015 04:42:06 PM: Am 25.04.2015 um 22:28 schrieb Mike Spreitzer: From: Uwe Sauter uwe.sauter...@gmail.com Or instead of using Linux bridges you could use a manually created OpenVSwitch bridge. This allows you to add internal ports that could be used by Neutron like any other interface. - Create OVS bridge - Add your external interface to OVS bridge * If your external connection supports/needs VLANs, configure external interface as trunk - Add any number of internal interfaces to OVS bridge * Tag each interface with its VLAN ID, if needed - Configure Neutron to use one internal interface for each subnet you'd like to use (no VLAN configuration required as this happenes outside of Neutron) Regards, Uwe Am 25.04.2015 um 21:41 schrieb George Shuklin: Can you put them to different vlans? After that it would be very easy task. If not, AFAIK, neutron does not allow this. Or you can trick it thinking it is (are) separate networks. Create brige (br-join), plug eth to it. Create to fake external bridges (br-ex1, br-ex2). Join them together to br-join by patch links (http://blog.scottlowe.org/2012/11/27/connecting-ovs-bridges-with- patch-ports/) Instruct neutron like there is two external networks: one on br- ex1, second on br-ex2. But be alert that this not very stable configuration, you need to maintain it by yourself. On 04/25/2015 10:13 PM, Mike Spreitzer wrote: Is there a way to create multiple external networks from Neutron's point of view, where both of those networks are accessed through the same host NIC? Obviously those networks would be using different subnets. I need this sort of thing because the two subnets are treated differently by the stuff outside of OpenStack, so I need a way that a tenant can get a floating IP of the sort he wants. Since Neutron equates floating IP allocation pools with external networks, I need two external networks. I found, for example, http://www.marcoberube.com/archives/248--- which describes how to have multiple external networks but uses a distinct host network interface for each one. Thanks, Mike Thanks Uwe, I might try that, it sounds like the simplest thing that will work. I think I can not use VLAN tagging in my environment. I am using ML2 with OVS, and it is working now with a single external network. Should I expect to find a bridge_mappings entry in my plugin.ini? I do not find one now. This setup was mainly created by other people, so I am not sure what to expect. When using ML2 with OVS, how do I tell Neutron what my bridge mappings are? Thanks, Mike Mike, VLAN is optional in the setup I described. I just was pointing out where such a configuration could take place. As far as my experience with OVS and Neutron goes, Neutron will just ignore already existing configurations. That's also the reason why install manuals tell you to create br-int and br-ex. Regarding the exact configuration of ML2 and plugin.ini I'm not quite sure if I understand your question correctly. Are you asking how to tell Neutron which interface should be used for the different IP subnets? Perhaps you could post your plugin.ini with sensitive information replaced with something generic. Regards, Uwe Yes, I realize the VLAN tagging is just an option in the approach you are outlining. George pointed out that VLAN tagging could carry even more of the load here. I mentioned that I can not use VLAN tagging as an explanation of why I have to pursue what you are describing. Following in my plugin.ini. As you can see, it is not what I would be editing. I have already added stuff to flat_networks, in anticipation of being able to use more than one. My problem is that there is no bridge_mappings, so I can not update it to add more external networks! # This file autogenerated by Chef # Do not edit, changes will be overwritten [ml2] # (ListOpt) List of network type driver entrypoints to be loaded from # the neutron.ml2.type_drivers namespace. # # type_drivers = local,flat,vlan,gre,vxlan # Example: type_drivers = flat,vlan,gre,vxlan type_drivers = gre,flat # (ListOpt) Ordered list of network_types to allocate as tenant # networks. The default value 'local' is useful for single-box testing # but provides no connectivity between hosts. # # tenant_network_types = local # Example: tenant_network_types = vlan,gre,vxlan
Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
Can you put them to different vlans? After that it would be very easy task. If not, AFAIK, neutron does not allow this. Or you can trick it thinking it is (are) separate networks. Create brige (br-join), plug eth to it. Create to fake external bridges (br-ex1, br-ex2). Join them together to br-join by patch links (http://blog.scottlowe.org/2012/11/27/connecting-ovs-bridges-with-patch-ports/) Instruct neutron like there is two external networks: one on br-ex1, second on br-ex2. But be alert that this not very stable configuration, you need to maintain it by yourself. On 04/25/2015 10:13 PM, Mike Spreitzer wrote: Is there a way to create multiple external networks from Neutron's point of view, where both of those networks are accessed through the same host NIC? Obviously those networks would be using different subnets. I need this sort of thing because the two subnets are treated differently by the stuff outside of OpenStack, so I need a way that a tenant can get a floating IP of the sort he wants. Since Neutron equates floating IP allocation pools with external networks, I need two external networks. I found, for example, http://www.marcoberube.com/archives/248--- which describes how to have multiple external networks but uses a distinct host network interface for each one. Thanks, Mike ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [neutron] multiple external networks on the same host NIC
Kevin Benton blak...@gmail.com wrote on 04/25/2015 08:38:25 PM: Bridge mappings is an agent configuration value, it's not in the neutron server config. Run ps -ef and look for the neutron openvswitch agent process to see which configuration files it's referencing. The bridge mappings will be in one of those. Thanks, that led me to it. Mike ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
