[rdo-users] [tripleo] Neutron external bridge setting

Paul Yates pyates at redhat.com
Wed Sep 19 20:45:29 UTC 2018

Hi Cody,

Firstly, I don't work for the Openstack team.  I'm with Red Hat Openshift,
but I've worked with Openstack in the past and still have an interest in it
and follow some of the mailing lists.

>From past experience, and from what I take from the docs you linked is:

Older versions of Openstack have the integration bridge (br-int) which
routes traffic to the external bridge (br-ex) and traffic then flows
through the physical interface.
But this limits you to a single floating IP range.

So, newer versions of Openstack set the external bridge setting as empty by
default (  NeutronExternalNetworkBridge: "''" ).
This allows you the capability of mapping multiple physical interfaces
(bonded interfaces or trunked vlans) directly.  While this method removes
the ex-br, you are still introducing an overhead as you are routing
multiple networks over one or more physical interfaces - hence the
additional CPU usage.

What the docs are saying is, if you intend to use multiple external
networks (multiple floating IP rages) then leave this empty (as by default):

NeutronExternalNetworkBridge: "''"

But if you are only intending to use one external network (one floating IP
range), then revert back to the old way of mapping the network to br-ex -
otherwise, you are introducing an additional unnecessary overhead that you
are not making use of.

hope this helps.

kind regards,

On Wed, Sep 19, 2018 at 6:13 PM, Cody <codeology.lab at gmail.com> wrote:

> Hi there,
> I sent a similar question below to OpenStack ML last week, but haven't
> got any answers yet. Since it is a TripleO related question, I am
> reposting it here and hope for a better luck.
> According to the TripleO documentation [1], the default Neutron
> external bridge (NeutronExternalNetworkBridge) is left empty. This
> seems to let the physical interface map to br-int instead of br-ex,
> and (somehow) use more CPU power as oppose to using br-ex directly. I
> don't get it... Does it mean the external traffic would go directly
> from br-int to the physical interface without using br-ex? Could
> someone walk me through the traffic flow in this case? I really
> appreciate your help!
> [1] https://docs.openstack.org/tripleo-docs/latest/install/
> advanced_deployment/network_isolation.html#using-the-
> native-vlan-for-floating-ips
> Regards,
> Cody
> _______________________________________________
> users mailing list
> users at lists.rdoproject.org
> http://lists.rdoproject.org/mailman/listinfo/users
> To unsubscribe: users-unsubscribe at lists.rdoproject.org

Paul Yates
Red Hat,
Communications House,
Cork Road,
phone: +353 51 810166 <%2B420%20532294734>
Email: pyates at redhat.com <lsvobodo at redhat.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rdoproject.org/pipermail/users/attachments/20180919/b324253e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 651CE095-0B6A-4F1D-9CA5-72FD2E2BAAC3.png
Type: image/png
Size: 4439 bytes
Desc: not available
URL: <http://lists.rdoproject.org/pipermail/users/attachments/20180919/b324253e/attachment-0001.png>

More information about the users mailing list