Merge "[doc] Briefly describe VPNaaS plugin changes with OVN"

This commit is contained in:
Zuul 2024-04-02 17:21:12 +00:00 committed by Gerrit Code Review
commit 20f10e44c8

View File

@ -88,6 +88,11 @@ The following procedure describes how to modify the
#. ``neutron_plugin_base`` is as follows: #. ``neutron_plugin_base`` is as follows:
.. NOTE::
In the case your ``neutron_plugin_type`` is ``ml2.ovn``,
use ``ovn-vpnaas`` plugin instead
.. code-block:: yaml .. code-block:: yaml
neutron_plugin_base: neutron_plugin_base:
@ -152,6 +157,11 @@ You can also define customized configuration files for VPN service with the vari
With that ``neutron_l3_agent_ini_overrides`` should be also defined in 'user_variables.yml' With that ``neutron_l3_agent_ini_overrides`` should be also defined in 'user_variables.yml'
to tell ``l3_agent`` use the new config file: to tell ``l3_agent`` use the new config file:
.. NOTE::
Please, use variable ``neutron_ovn_vpn_agent_overrides`` when
``neutron_plugin_type`` is set to ``ml2.ovn``.
.. code-block:: yaml .. code-block:: yaml
neutron_l3_agent_ini_overrides: neutron_l3_agent_ini_overrides:
@ -162,6 +172,30 @@ to tell ``l3_agent`` use the new config file:
openswan: openswan:
ipsec_config_template: "{{ neutron_conf_dir }}/ipsec.conf.template" ipsec_config_template: "{{ neutron_conf_dir }}/ipsec.conf.template"
VPNaaS Agent for OVN
--------------------
Since 2024.1 release (Caracal) VPNaaS service does support ``ml2.ovn``
plugin type.
While configuration of the service is pretty much alike, implementation beneath
has significant differences.
First of all, VPNaaS is represented with a standalone agent that is coordinated
with help of RabbitMQ. This means, that a new Agent Type ``VPN Agent`` will
appear in ``openstack network agent list`` output.
On a VPN site connection creation, VPN agent will handle a namespace creation
on an arbitrary OVN gateway node, inside which ipsec connection will be created
Since OVN L3 Router implementation is not using namespaces, VPN Agent will
utilize an extra external IP, since it can not be shared now with the router.
Moreover, an extra patch network will be created to connect VPN Agent with L3
agent.
For more details on the implementation please reffer to the `VPNaaS OVN Spec`_
.. _VPNaaS OVN Spec: https://opendev.org/openstack/neutron-specs/src/branch/master/specs/xena/vpnaas-ovn.rst
BGP Dynamic Routing service (optional) BGP Dynamic Routing service (optional)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~