[Rdo-list] Openstack Liberty with DVR and VLAN overlay

Charles Short cems at ebi.ac.uk
Mon Mar 21 10:20:32 UTC 2016 

An update on this -

My issue was having to manually add the external VLAN tag to the fg 
interface everytime a new FIP namespace was created (FIP namespaces are 
deleted when there are no more instances on a compute node with floating 
ips)

I discovered that you can create a virtual bridge within a bridge with a 
default VLAN tag. So when a port is dynamically created in this new 
bridge it automatically get the external VLAN tag.

  sudo ovs-vsctl add-br br-vlan1041 br-ex 1041

This solves the issue. I just point the neutron config to the new 
external bridge and the fg ports get created on the new virtual bridge 
tagged with 1041

Charles


On 02/03/2016 09:34, Charles Short wrote:
> Hi,
>
> I have a simple single nic bare metal set up much like this -
>
> https://answers.launchpad.net/neutron/+question/228376
>
> Tenant networks are VLANs, and the external network a VLAN provider 
> network.
> This enables me to have one bridge which allows the VLAN overlays to 
> pass between nodes/physical switches, and importantly allows external 
> access via floating ip through the external provider network VLAN.
>
> This was all working fine, but I wanted to install DVR. I saw that DVR 
> functionality had relatively recently been added for VLAN overlays 
> (Kilo and beyond)
>
> https://blueprints.launchpad.net/neutron/+spec/neutron-ovs-dvr-vlan
>
> So I enabled DVR, noting that for VLAN overlays l2population is not 
> required.
> I created two instances, two tenant networks one with a normal router 
> (non DVR) and one with a DVR router.
>
> I first tested SNAT on both. Worked fine (I could ping externally from 
> the instances)
> I then applied a FIP to the non DVR routed instance. I could ping the 
> instance from the external network, so all working fine.
>
> I then applied a FIP to the DVR routed instance. This is where the 
> problems began. I could not ping externally from the instance, and I 
> could not ping the instance from the external network.
> I looked at the traffic flow schematic outlined here for North/South 
> FIP (allowing for the fact I am not using tunneling) -
>
> http://docs.openstack.org/liberty/networking-guide/scenario_dvr_ovs.html
>
> I noticed that the fg interface from the FIP namespace in my compute 
> node was NOT attached to br-int as in the guide, but was attached to 
> my VLAN bridge. This seemed odd.
> I thought that maybe this would have an effect on the tagging, so 
> tried manually adding the tag for the external provider network VLAN 
> to the fg port on the VLAN bridge
>
> ovs-vsctl set port fg-15df2853-c2 tag=1041
>
> Suddenly it all started working.  I could now ping externally from the 
> DVR routed instance, and I could ping the instance from the external 
> network.
>
>
> Please can someone explain why I am seeing this behavior?
>
> Thanks
>
> Charles
>

-- 
Charles Short
Cloud Engineer
Virtualization and Cloud Team
European Bioinformatics Institute (EMBL-EBI)
Tel: +44 (0)1223 494205

More information about the dev mailing list