<html><head><meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"><style>
</style></head><body>
<div>Thanks for the reply. I want to access the OpenStack dashboard from my PC via "192.168.1.0/24", not "192.168.24.0/24". So I think I should set the external network on the bridge and remove the corresponding VLAN interface. Maybe I misunderstand the external network?</div><div>By the way, I use Linux bridge because it is easier to understand than OVS.</div>
<hr style="width: 210px; height: 1px;" color="#b5c4df" size="1" align="left">
<div><span><div style="MARGIN: 10px; FONT-FAMILY: verdana; FONT-SIZE: 10pt"><div>qinglong.dong@horebdata.cn</div></div></span></div>
<blockquote style="margin-Top: 0px; margin-Bottom: 0px; margin-Left: 0.5em"><div> </div><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm"><div style="PADDING-RIGHT: 8px; PADDING-LEFT: 8px; FONT-SIZE: 12px;FONT-FAMILY:tahoma;COLOR:#000000; BACKGROUND: #efefef; PADDING-BOTTOM: 8px; PADDING-TOP: 8px"><div><b>From:</b> <a href="mailto:dsneddon@redhat.com">Dan Sneddon</a></div><div><b>Date:</b> 2018-01-03 05:24</div><div><b>To:</b> <a href="mailto:qinglong.dong@horebdata.cn">qinglong.dong@horebdata.cn</a>; <a href="mailto:users@lists.rdoproject.org">users</a></div><div><b>Subject:</b> Re: [rdo-users] [tripleo]network isolation</div></div></div><div><div>On 12/24/2017 10:55 PM, qinglong.dong@horebdata.cn wrote:</div>
<div>> Hi, all</div>
<div>>         I want to deploy a baremetal environment (Pike)</div>
<div>> with network isolation. I have three controller nodes and one compute</div>
<div>> node. Each node has 3 NICs. If I set the external network as a VLAN I</div>
<div>> succeed. But if I set the external network on the bridge (using the native</div>
<div>> VLAN on the trunked interface) I fail. Can anyone help? Thanks!</div>
<div>>         Here is some of the config of the controller nodes. The compute node does not</div>
<div>> have the external network and storage management network.</div>
<div>> </div>
<div>> </div>
<div>> *Controller NICs*</div>
<div>> </div>
<div>> *Bonded Interface* | *Bond Slaves*</div>
<div>> bond1 | eth1, eth2</div>
<div>> </div>
<div>> *Networks* | *NIC*</div>
<div>> Provisioning | eth0</div>
<div>> External | bond1 / br-ex</div>
<div>> Internal | bond1 / vlan201</div>
<div>> Tenant | bond1 / vlan204</div>
<div>> Storage | bond1 / vlan202</div>
<div>> Storage Management | bond1 / vlan203</div>
<div>> </div>
<div>> *network-environment.yaml*</div>
<div>> resource_registry:</div>
<div>>   OS::TripleO::Compute::Net::SoftwareConfig: ../network/config/bond-with-vlans/compute.yaml</div>
<div>>   OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller.yaml</div>
<div>> parameter_defaults:</div>
<div>>   ControlPlaneSubnetCidr: '24'</div>
<div>>   ControlPlaneDefaultRoute: 192.168.24.1</div>
<div>>   EC2MetadataIp: 192.168.24.1</div>
<div>>   InternalApiNetCidr: 172.17.0.0/24</div>
<div>>   StorageNetCidr: 172.18.0.0/24</div>
<div>>   StorageMgmtNetCidr: 172.19.0.0/24</div>
<div>>   TenantNetCidr: 172.16.0.0/24</div>
<div>>   ExternalNetCidr: 192.168.1.0/24</div>
<div>>   InternalApiNetworkVlanID: 201</div>
<div>>   StorageNetworkVlanID: 202</div>
<div>>   StorageMgmtNetworkVlanID: 203</div>
<div>>   TenantNetworkVlanID: 204</div>
<div>>   InternalApiAllocationPools: [{'start': '172.17.0.10', 'end': '172.17.0.200'}]</div>
<div>>   StorageAllocationPools: [{'start': '172.18.0.10', 'end': '172.18.0.200'}]</div>
<div>>   StorageMgmtAllocationPools: [{'start': '172.19.0.10', 'end': '172.19.0.200'}]</div>
<div>>   TenantAllocationPools: [{'start': '172.16.0.10', 'end': '172.16.0.200'}]</div>
<div>>   ExternalAllocationPools: [{'start': '192.168.1.223', 'end': '192.168.1.235'}]</div>
<div>>   ExternalInterfaceDefaultRoute: 192.168.1.1</div>
<div>>   DnsServers: ["192.168.1.1"]</div>
<div>>   NeutronNetworkType: 'vlan'</div>
<div>>   NeutronTunnelTypes: ''</div>
<div>>   NeutronNetworkVLANRanges: 'datacentre:1:1000'</div>
<div>>   BondInterfaceOvsOptions: "bond_mode=active-backup"</div>
<div>>   NeutronMechanismDrivers: linuxbridge</div>
<div>> </div>
<div>> *controller.yaml *</div>
<div>> [...]</div>
<div>> resources:</div>
<div>> OsNetConfigImpl:</div>
<div>> type: OS::Heat::SoftwareConfig</div>
<div>> properties:</div>
<div>> group: script</div>
<div>> config:</div>
<div>> str_replace:</div>
<div>> template:</div>
<div>> get_file: ../../scripts/run-os-net-config.sh</div>
<div>> params:</div>
<div>> $network_config:</div>
<div>> network_config:</div>
<div>> - type: interface</div>
<div>> name: nic1</div>
<div>> use_dhcp: false</div>
<div>> addresses:</div>
<div>> - ip_netmask:</div>
<div>> list_join:</div>
<div>> - /</div>
<div>> - - get_param: ControlPlaneIp</div>
<div>> - get_param: ControlPlaneSubnetCidr</div>
<div>> routes:</div>
<div>> - ip_netmask: 169.254.169.254/32</div>
<div>> next_hop:</div>
<div>> get_param: EC2MetadataIp</div>
<div>> - type: linux_bridge</div>
<div>> name: bridge_name</div>
<div>> dns_servers:</div>
<div>> get_param: DnsServers</div>
<div>> use_dhcp: false</div>
<div>> addresses:</div>
<div>> - ip_netmask:</div>
<div>> get_param: ExternalIpSubnet</div>
<div>> routes:</div>
<div>> - default: true</div>
<div>> next_hop:</div>
<div>> get_param: ExternalInterfaceDefaultRoute</div>
<div>> members:</div>
<div>> - type: linux_bond</div>
<div>> name: bond1</div>
<div>> bonding_options: mode=1</div>
<div>> members:</div>
<div>> - type: interface</div>
<div>> name: nic2</div>
<div>> primary: true</div>
<div>> - type: interface</div>
<div>> name: nic3</div>
<div>> - type: vlan</div>
<div>> device: bond1</div>
<div>> vlan_id:</div>
<div>> get_param: InternalApiNetworkVlanID</div>
<div>> addresses:</div>
<div>> - ip_netmask:</div>
<div>> get_param: InternalApiIpSubnet</div>
<div>> - type: vlan</div>
<div>> device: bond1</div>
<div>> vlan_id:</div>
<div>> get_param: StorageNetworkVlanID</div>
<div>> addresses:</div>
<div>> - ip_netmask:</div>
<div>> get_param: StorageIpSubnet</div>
<div>> - type: vlan</div>
<div>> device: bond1</div>
<div>> vlan_id:</div>
<div>> get_param: StorageMgmtNetworkVlanID</div>
<div>> addresses:</div>
<div>> - ip_netmask:</div>
<div>> get_param: StorageMgmtIpSubnet</div>
<div>> - type: vlan</div>
<div>> device: bond1</div>
<div>> vlan_id:</div>
<div>> get_param: TenantNetworkVlanID</div>
<div>> addresses:</div>
<div>> - ip_netmask:</div>
<div>> get_param: TenantIpSubnet</div>
<div>> outputs:</div>
<div>> OS::stack_id:</div>
<div>> description: The OsNetConfigImpl resource.</div>
<div>> value:</div>
<div>> get_resource: OsNetConfigImpl</div>
<div>> </div>
<div>> </div>
<div> </div>
<div>The NIC config looks correct for putting the External network on the</div>
<div>native VLAN. If I had to guess what the problem is, I would start at the</div>
<div>switch. The switch configuration will be different when hosting the</div>
<div>External network as a native VLAN rather than a trunked (tagged) VLAN.</div>
<div>Are you certain that the External network was being delivered only as a</div>
<div>native VLAN, and that the switch wasn't adding VLAN tags for the</div>
<div>External network?</div>
<div> </div>
<div>What is the reason you would prefer to have the External network on the</div>
<div>native VLAN? The External network is used for hosting the public APIs,</div>
<div>so it should function the same on a tagged VLAN as it does on a native</div>
<div>VLAN. In any case, it should work either way, provided the switch is set</div>
<div>up correctly. You can always use a different VLAN/subnet for Neutron</div>
<div>external network(s) than you do for the public API, if you have separate</div>
<div>IP space. Of course, when you create the Neutron external network, you</div>
<div>would use type 'flat' for native VLAN, or type 'vlan' with the VLAN ID</div>
<div>specified as the 'segmentation_id' for tagged networks.</div>
<div> </div>
<div>I also wonder why you are using a Linux bridge? I know the OVS driver</div>
<div>gets a lot more testing, and should have roughly equivalent performance</div>
<div>these days. I know that the Linux bridge worked fine with the External</div>
<div>network on native VLAN back in Icehouse/Juno timeframe, but I've</div>
<div>personally only been testing OVS bridges in recent releases.</div>
<div> </div>
<div>-- </div>
<div>Dan Sneddon | Senior Principal Software Engineer</div>
<div>dsneddon@redhat.com | redhat.com/openstack</div>
<div>dsneddon:irc | @dxs:twitter</div>
<div> </div>
</div></blockquote>
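<div>Added example, not part of the original messages or of TripleO: a consistency check over the network-environment.yaml values quoted in this thread, covering subnet overlap between the isolated networks (including the 192.168.24.0/24 provisioning subnet and the 192.168.1.0/24 External subnet), allocation pools and the External default route against their CIDRs, and VLAN IDs against NeutronNetworkVLANRanges. The function name <code>lint</code> and the finding strings are hypothetical; whether a VLAN-range finding matters depends on the physical network 'datacentre' being carried on the same bond1 trunk, which the thread does not state.</div>

```python
"""Consistency check for TripleO network-isolation parameters (added example)."""
import ipaddress

# Values copied from the network-environment.yaml quoted in this thread.
PARAMS = {
    "ControlPlaneDefaultRoute": "192.168.24.1", "ControlPlaneSubnetCidr": "24",
    "InternalApiNetCidr": "172.17.0.0/24", "StorageNetCidr": "172.18.0.0/24",
    "StorageMgmtNetCidr": "172.19.0.0/24", "TenantNetCidr": "172.16.0.0/24",
    "ExternalNetCidr": "192.168.1.0/24", "ExternalInterfaceDefaultRoute": "192.168.1.1",
    "InternalApiNetworkVlanID": 201, "StorageNetworkVlanID": 202,
    "StorageMgmtNetworkVlanID": 203, "TenantNetworkVlanID": 204,
    "InternalApiAllocationPools": [{"start": "172.17.0.10", "end": "172.17.0.200"}],
    "StorageAllocationPools": [{"start": "172.18.0.10", "end": "172.18.0.200"}],
    "StorageMgmtAllocationPools": [{"start": "172.19.0.10", "end": "172.19.0.200"}],
    "TenantAllocationPools": [{"start": "172.16.0.10", "end": "172.16.0.200"}],
    "ExternalAllocationPools": [{"start": "192.168.1.223", "end": "192.168.1.235"}],
    "NeutronNetworkVLANRanges": "datacentre:1:1000",
}

def lint(p):
    """Return a list of findings; an empty list means the values are consistent."""
    out = []
    nets = {k[:-len("NetCidr")]: ipaddress.ip_network(v)
            for k, v in p.items() if k.endswith("NetCidr")}
    # The provisioning subnet is derived from its gateway and prefix length.
    nets["ControlPlane"] = ipaddress.ip_network(
        f"{p['ControlPlaneDefaultRoute']}/{p['ControlPlaneSubnetCidr']}", strict=False)
    names = sorted(nets)
    for i, a in enumerate(names):                  # isolated subnets must not overlap
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                out.append(f"overlap: {a} {nets[a]} and {b} {nets[b]}")
    for name, net in nets.items():                 # pools must sit inside their CIDR
        for pool in p.get(f"{name}AllocationPools", []):
            lo, hi = (ipaddress.ip_address(pool[x]) for x in ("start", "end"))
            if lo not in net or hi not in net or lo > hi:
                out.append(f"pool: {name} {lo}-{hi} not inside {net}")
    if ipaddress.ip_address(p["ExternalInterfaceDefaultRoute"]) not in nets["External"]:
        out.append("route: External default route is outside ExternalNetCidr")
    vlans = {k[:-len("NetworkVlanID")]: v for k, v in p.items() if k.endswith("NetworkVlanID")}
    if len(set(vlans.values())) != len(vlans):
        out.append("vlan: duplicate VLAN ID across isolated networks")
    _physnet, lo, hi = p["NeutronNetworkVLANRanges"].split(":")
    inside = sorted(n for n, v in vlans.items() if int(lo) <= v <= int(hi))
    if inside:                                     # IDs Neutron may also allocate to tenants
        out.append(f"vlan-range: {', '.join(inside)} inside {p['NeutronNetworkVLANRanges']}")
    return out

if __name__ == "__main__":
    print(*lint(PARAMS), sep="\n")
```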
</body></html>