<div dir="ltr"><div dir="ltr"><div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">On Wed, Sep 19, 2018 at 10:13 AM Cody &lt;<a href="mailto:codeology.lab@gmail.com">codeology.lab@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">Hi there,<br>
<br>
I sent a similar question below to OpenStack ML last week, but haven't<br>
got any answers yet. Since it is a TripleO related question, I am<br>
reposting it here and hope for better luck.<br>
<br>
According to the TripleO documentation [1], the default Neutron<br>
external bridge (NeutronExternalNetworkBridge) is left empty. This<br>
seems to let the physical interface map to br-int instead of br-ex,<br>
and (somehow) use more CPU power as opposed to using br-ex directly. I<br>
don't get it... Does it mean the external traffic would go directly<br>
from br-int to the physical interface without using br-ex? Could<br>
someone walk me through the traffic flow in this case? I really<br>
appreciate your help!<br>
<br>
[1] <a href="https://docs.openstack.org/tripleo-docs/latest/install/advanced_deployment/network_isolation.html#using-the-native-vlan-for-floating-ips" rel="noreferrer" target="_blank">https://docs.openstack.org/tripleo-docs/latest/install/advanced_deployment/network_isolation.html#using-the-native-vlan-for-floating-ips</a><br>
<br>
<br>
Regards,<br>
Cody<br>
</blockquote></div><br clear="all"><div>If you set the Neutron external bridge explicitly (such as to "br-ex"), then only that bridge can be used for floating IPs and SNAT. This is because the router net namespace is attached directly to the external bridge, rather than to br-int. If you set this to a blank string, then everything will be tied to br-int, and you can have multiple external bridges, or multiple provider external networks on the same bridge. This is useful for separating floating IP pools for different tenants, or for other fine-grained traffic control.</div><div><br></div><div>While it is true that setting this to a blank string means one extra bridge hop in the data path (from the router namespace to br-int), this is no longer such an issue as the OVS code is significantly more efficient than it used to be. Keep in mind that traffic will traverse several bridges before hitting the VM even in the case of using an explicit external bridge, so it's not like the one extra bridge hop doubles OVS CPU utilization, it's just a small fractional increase. I have always recommended that a blank string be used in all cases, as this leaves flexibility to add bridge interfaces in the future, and has an overall small impact on CPU utilization. In fact, setting an explicit external bridge was deprecated, and if it hasn't been removed by now I'm surprised.</div><div><br></div><div><a href="https://bugs.launchpad.net/neutron/+bug/1511578">https://bugs.launchpad.net/neutron/+bug/1511578</a><br></div><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr">Dan Sneddon | Senior Principal OpenStack Engineer<br><a href="mailto:dsneddon@redhat.com" target="_blank">dsneddon@redhat.com</a> | <a href="http://redhat.com/openstack" target="_blank">redhat.com/openstack</a><br>dsneddon:irc | @dxs:twitter<br></div></div></div></div></div>
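An added example, not part of the original thread or of TripleO: a small parser for `ovs-vsctl show` output that reports which bridge each router gateway port is plugged into, which is how you can confirm on a node whether the router namespace is attached to br-int or directly to the external bridge. The sample output is constructed, and the `qg-` prefix for router gateway ports and the `int-br-ex`/`phy-br-ex` patch pair are assumed to follow Neutron's usual naming.

```python
import re

# Constructed `ovs-vsctl show` excerpt (blank external bridge case): the router
# gateway port (qg-) is on br-int and reaches eth1 via the patch pair to br-ex.
SAMPLE_BLANK = """\
    Bridge br-int
        Port "qg-1a2b3c4d-5e"
            Interface "qg-1a2b3c4d-5e"
                type: internal
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port "eth1"
            Interface "eth1"
"""

def ports_by_bridge(text):
    """Map each bridge name to the list of port names listed under it."""
    bridges, current = {}, None
    for line in text.splitlines():
        m = re.match(r'\s*(Bridge|Port)\s+"?([^"\s]+)"?\s*$', line)
        if not m:
            continue  # Interface/type/options lines are not needed here
        kind, name = m.groups()
        if kind == "Bridge":
            current = bridges.setdefault(name, [])
        elif current is not None:
            current.append(name)
    return bridges

def gateway_attachment(text):
    """Return {gateway_port: bridge} for every qg- port found."""
    return {port: bridge
            for bridge, ports in ports_by_bridge(text).items()
            for port in ports if port.startswith("qg-")}

def has_extra_hop(text, ext_bridge="br-ex"):
    """True if any gateway port sits on a bridge other than ext_bridge."""
    return any(b != ext_bridge for b in gateway_attachment(text).values())

if __name__ == "__main__":
    print(gateway_attachment(SAMPLE_BLANK), has_extra_hop(SAMPLE_BLANK))
```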