[rhos-list] Multiple Flat Networking config

Brent Eagles beagles at redhat.com
Thu Jul 18 13:32:18 UTC 2013


Hi Nicolas,

On 07/18/2013 03:23 AM, Vogel Nicolas wrote:
> Hi,
>
> I'm trying to make a quantum "Multiple Flat Network" configuration (the 2nd
   > Use case in the Quantum doc).
>
> I have four NICs on my server (em1, em2, p1p1, p1p2). I configured the first
> (em1) with static IP and used it for the packstack deployment. Everthing
> worked fine. I want to use this NIC only for management purpose and Openstack
> services.
>
> After the packstack allinone install, br-int and br-ex were available. Then I
> created to new networks and subnets. The first only for internal
> communication, and the second for external communication. This external
> network/subnet matches the subnet connected on em2 NIC.
>
> Then I activate my second and third NIC (em2 abd p1p1) without any IP. I run
> following commands: sudo ovs-vsctl add-port br-ex em2 and sudo ovs-vsctl
> add-port br-int p1p1 because I wan't the br-int bridge for internal
> communication only and the br-ex bridge for communication with the outside
> world.
>
> I can start VMs with 2 NICs on the 2 networks I created and both got an IP
> address per DHCP. But my VM isn't reachable from the outside world. I add
> rules to the default group to allow PING and SSH.
>
> Is my configuration right? Did I make something wrong or do I need more
> specific configuration?
>
> Thanks for the answers.
>
> Nicolas.

While I cannot give you a single answer that will fix your 
configuration, I can help you debug it further and maybe resolve the 
issues yourself.

Your VMs are able to communicate with each other over their private 
network, right? Configurations that don't require inter-host 
connectivity can use the "local" network type for the integration bridge 
and don't require a physical ethernet device to be added to the 
integration bridge. Since you are going down the route of having an 
actual external interface looks like you might heading for configuration 
a where you can add additional nodes in the future. Considering that, 
you should verify some details with respect to your network/bridge 
mappings in ovs_quantum_plugin.ini. It sounds like you missed a few 
steps because you would typically have something like:

ovs-vsctl add-br br-p1p1
ovs-vsctl add-port br-p1p1 p1p1

instead of adding p1p1 directly to the integration bridge. Generally 
speaking, OpenStack takes care of br-int.

After you've created br-p1p1, the ovs section in your 
ovs_quantum_plugin.ini file should have something like this:

network_vlan_ranges = physnet1
bridge_mappings = physnet1:br-p1p1

The openvswitch agent ends up putting br-p1p1 on the br-int integration 
bridge for you, effectively connecting the integration bridge to your 
physical ethernet device! Take a look at 
http://docs.openstack.org/trunk/openstack-network/admin/content/demo_flat_installions.html 
for similar instructions. I know that is the topology you are going for 
but that part of the instructions is valid.

Interestingly enough, a similar thing is going to happen for your 
'external' network. You mention that your VMs have both interfaces 
initialized via DHCP. Does your second network (the one that is NOT the 
br-int one) and subnet have DHCP enabled, or did you create it as an 
externally routed network with the intent of allocating IPs like they 
were floating IP addresses. I'm guessing the former if the VMs have 2 
network interfaces. I'll continue with that assumption, so forgive me if 
I am off base.

br-ex is for the external network bridge, which is managed by the 
l3_agent, which implies routing. So adding an interface to br-ex won't 
get you what you want. It sounds really like you are trying to integrate 
a network that is reachable using a physical IF on the host with VIFs on 
the VMs. This is more interesting :) Honestly I haven't tried that 
myself... yet. However, it is similar to connecting multiple nodes 
together. Unfortunately, this is someone outside the realm of what the 
OpenStack documentation tends to address but that doesn't mean it is 
impossible. I'll give you some info that might help you solve this 
yourself! Disclaimer: I'm not saying you *should* do this, but your 
network topology is your business.

As I've mentioned above, br-ex is for routing to public networks. If you 
are trying to connect VIFs from your VMs directly to host accessible 
network you are dealing with br-int. Basically you are going to want to 
setup your other interface (em2) just like p1p1 and associate your 
non-private network with "physnet2" or whatever you call it. You will 
need to study up on VLAN vs Flat etc, in order to configure 
ovs_quantum_plugin.ini properly. What is correct depends entirely on 
your network but if you understand the docs and understand your network, 
getting the config right shouldn't be too bad.

Unfortunately, that is about as far as I can take you. I've already 
assumed a lot by guessing what you are trying to do with that second 
network and any further advice would be based on my imagination, not 
what you are actually trying to do ;)

Cheers,

Brent




More information about the rhos-list mailing list