5:20 a.m.
An update on this -
My issue was having to manually add the external VLAN tag to the fg
interface everytime a new FIP namespace was created (FIP namespaces are
deleted when there are no more instances on a compute node with floating
ips)
I discovered that you can create a virtual bridge within a bridge with a
default VLAN tag. So when a port is dynamically created in this new
bridge it automatically get the external VLAN tag.
sudo ovs-vsctl add-br br-vlan1041 br-ex 1041
This solves the issue. I just point the neutron config to the new
external bridge and the fg ports get created on the new virtual bridge
tagged with 1041
Charles
On 02/03/2016 09:34, Charles Short wrote:
Hi,
I have a simple single nic bare metal set up much like this -
https://answers.launchpad.net/neutron/+question/228376
Tenant networks are VLANs, and the external network a VLAN provider
network.
This enables me to have one bridge which allows the VLAN overlays to
pass between nodes/physical switches, and importantly allows external
access via floating ip through the external provider network VLAN.
This was all working fine, but I wanted to install DVR. I saw that DVR
functionality had relatively recently been added for VLAN overlays
(Kilo and beyond)
https://blueprints.launchpad.net/neutron/+spec/neutron-ovs-dvr-vlan
So I enabled DVR, noting that for VLAN overlays l2population is not
required.
I created two instances, two tenant networks one with a normal router
(non DVR) and one with a DVR router.
I first tested SNAT on both. Worked fine (I could ping externally from
the instances)
I then applied a FIP to the non DVR routed instance. I could ping the
instance from the external network, so all working fine.
I then applied a FIP to the DVR routed instance. This is where the
problems began. I could not ping externally from the instance, and I
could not ping the instance from the external network.
I looked at the traffic flow schematic outlined here for North/South
FIP (allowing for the fact I am not using tunneling) -
http://docs.openstack.org/liberty/networking-guide/scenario_dvr_ovs.html
I noticed that the fg interface from the FIP namespace in my compute
node was NOT attached to br-int as in the guide, but was attached to
my VLAN bridge. This seemed odd.
I thought that maybe this would have an effect on the tagging, so
tried manually adding the tag for the external provider network VLAN
to the fg port on the VLAN bridge
ovs-vsctl set port fg-15df2853-c2 tag=1041
Suddenly it all started working. I could now ping externally from the
DVR routed instance, and I could ping the instance from the external
network.
Please can someone explain why I am seeing this behavior?
Thanks
Charles
--
Charles Short
Cloud Engineer
Virtualization and Cloud Team
European Bioinformatics Institute (EMBL-EBI)
Tel: +44 (0)1223 494205