============================= Scenario - Using Open vSwitch ============================= Overview ~~~~~~~~ Operators can choose to utilize Open vSwitch instead of Linux Bridges for the neutron ML2 agent. This offers different capabilities and integration points with neutron. This document outlines how to set it up in your environment. Recommended reading ~~~~~~~~~~~~~~~~~~~ We recommend that you read the following documents before proceeding: * Neutron documentation on Open vSwitch OpenStack deployments: ``_ * Blog post on how OpenStack-Ansible works with Open vSwitch: ``_ Prerequisites ~~~~~~~~~~~~~ All compute nodes must have bridges configured: - ``br-mgmt`` - ``br-vlan`` (optional - used for vlan networks) - ``br-vxlan`` (optional - used for vxlan tenant networks) - ``br-storage`` (optional - used for certain storage devices) For more information see: ``_ These bridges may be configured as either a Linux Bridge (which would connect to the Open vSwitch controlled by neutron) or as an Open vSwitch. Configuring bridges (Linux Bridge) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following is an example of how to configure a bridge (example: ``br-mgmt``) with a Linux Bridge on Ubuntu 16.04 LTS: ``/etc/network/interfaces`` .. code-block:: shell-session auto lo iface lo inet loopback # Management network auto eth0 iface eth0 inet manual # VLAN network auto eth1 iface eth1 inet manual source /etc/network/interfaces.d/*.cfg ``/etc/network/interfaces.d/br-mgmt.cfg`` .. code-block:: shell-session # OpenStack Management network bridge auto br-mgmt iface br-mgmt inet static bridge_stp off bridge_waitport 0 bridge_fd 0 bridge_ports eth0 address MANAGEMENT_NETWORK_IP netmask 255.255.255.0 One ``br-.cfg`` is required for each bridge. VLAN interfaces can be used to back the ``br-`` bridges if there are limited physical adapters on the system. Configuring bridges (Open vSwitch) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Another configuration method routes everything with Open vSwitch. The bridge (example: ``br-mgmt``) can be an Open vSwitch itself. The following is an example of how to configure a bridge (example: ``br-mgmt``) with Open vSwitch on Ubuntu 16.04 LTS: * ``/etc/network/interfaces`` .. code-block:: shell-session auto lo iface lo inet loopback source /etc/network/interfaces.d/*.cfg # Management network allow-br-mgmt eth0 iface eth0 inet manual ovs_bridge br-mgmt ovs_type OVSPort # VLAN network allow-br-vlan eth1 iface eth1 inet manual ovs_bridge br-vlan ovs_type OVSPort ``/etc/network/interfaces.d/br-mgmt.cfg`` .. code-block:: shell-session # OpenStack Management network bridge auto br-mgmt allow-ovs br-mgmt iface br-mgmt inet static address MANAGEMENT_NETWORK_IP netmask 255.255.255.0 ovs_type OVSBridge ovs_ports eth0 One ``br-.cfg`` is required for each bridge. VLAN interfaces can be used to back the ``br-`` bridges if there are limited physical adapters on the system. OpenStack-Ansible user variables ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Create a group var file for your network hosts ``/etc/openstack_deploy/group_vars/network_hosts``. It has to include: .. code-block:: yaml # Ensure the openvswitch kernel module is loaded openstack_host_specific_kernel_modules: - name: "openvswitch" pattern: "CONFIG_OPENVSWITCH" Specify provider network definitions in your ``/etc/openstack_deploy/openstack_user_config.yml`` that define one or more Neutron provider bridges and related configuration: .. note:: Bridges specified here will be created automatically. If ``network_interface`` is defined, the interface will be placed into the bridge automatically. .. code-block:: yaml - network: container_bridge: "br-provider" container_type: "veth" type: "vlan" range: "101:200,301:400" net_name: "physnet1" network_interface: "bond1" group_binds: - neutron_openvswitch_agent - network: container_bridge: "br-provider2" container_type: "veth" type: "vlan" range: "203:203,467:500" net_name: "physnet2" network_interface: "bond2" group_binds: - neutron_openvswitch_agent When using ``flat`` provider networks, modify the network type accordingly: .. code-block:: yaml - network: container_bridge: "br-publicnet" container_type: "veth" type: "flat" net_name: "flat" group_binds: - neutron_openvswitch_agent Specify an overlay network definition in your ``/etc/openstack_deploy/openstack_user_config.yml`` that defines overlay network-related configuration: .. note:: The bridge name should correspond to a pre-created Linux bridge or OVS bridge. .. code-block:: yaml - network: container_bridge: "br-vxlan" container_type: "veth" container_interface: "eth10" ip_from_q: "tunnel" type: "vxlan" range: "1:1000" net_name: "vxlan" group_binds: - neutron_openvswitch_agent Set the following user variables in your ``/etc/openstack_deploy/user_variables.yml``: .. code-block:: yaml neutron_plugin_type: ml2.ovs neutron_ml2_drivers_type: "flat,vlan,vxlan" neutron_plugin_base: - router - metering The overrides are instructing Ansible to deploy the OVS mechanism driver and associated OVS components. This is done by setting ``neutron_plugin_type`` to ``ml2.ovs``. The ``neutron_ml2_drivers_type`` override provides support for all common type drivers supported by OVS. The ``neutron_plugin_base`` is used to defined list of plugins that will be enabled. If provider network overrides are needed on a global or per-host basis, the following format can be used in ``user_variables.yml`` or per-host in ``openstack_user_config.yml``. .. note:: These overrides are not normally required when defining global provider networks in the ``openstack_user_config.yml`` file. .. code-block:: yaml # When configuring Neutron to support vxlan tenant networks and # vlan provider networks the configuration may resemble the following: neutron_provider_networks: network_types: "vxlan" network_vxlan_ranges: "1:1000" network_vlan_ranges: "physnet1:102:199" network_mappings: "physnet1:br-provider" network_interface_mappings: "br-provider:bond1" # When configuring Neutron to support only vlan tenant networks and # vlan provider networks the configuration may resemble the following: neutron_provider_networks: network_types: "vlan" network_vlan_ranges: "physnet1:102:199" network_mappings: "physnet1:br-provider" network_interface_mappings: "br-provider:bond1" # When configuring Neutron to support multiple vlan provider networks # the configuration may resemble the following: neutron_provider_networks: network_types: "vlan" network_vlan_ranges: "physnet1:102:199,physnet2:2000:2999" network_mappings: "physnet1:br-provider,physnet2:br-provider2" network_interface_mappings: "br-provider:bond1,br-provider2:bond2" # When configuring Neutron to support multiple vlan and flat provider # networks the configuration may resemble the following: neutron_provider_networks: network_flat_networks: "*" network_types: "vlan" network_vlan_ranges: "physnet1:102:199,physnet2:2000:2999" network_mappings: "physnet1:br-provider,physnet2:br-provider2" network_interface_mappings: "br-provider:bond1,br-provider2:bond2" Open Virtual Switch (OVS) commands ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following commands can be used to provide useful information about the state of Open vSwitch networking and configurations. The ``ovs-vsctl show`` command provides information about the virtual switches and connected ports currently configured on the host: .. code-block:: console root@infra01:~# ovs-vsctl show 4ef304ff-b803-4d09-95f5-59a076323949 Manager "ptcp:6640:127.0.0.1" is_connected: true Bridge br-int Controller "tcp:127.0.0.1:6633" is_connected: true fail_mode: secure Port "tap2e7e0507-e4" tag: 2 Interface "tap2e7e0507-e4" type: internal Port int-br-vlan Interface int-br-vlan type: patch options: {peer=phy-br-provider} Port br-int Interface br-int type: internal Port "tap7796ab3d-e9" tag: 5 Interface "tap7796ab3d-e9" type: internal Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Bridge br-tun Controller "tcp:127.0.0.1:6633" is_connected: true fail_mode: secure Port "vxlan-ac1df015" Interface "vxlan-ac1df015" type: vxlan options: {df_default="true", in_key=flow, local_ip="172.29.240.20", out_key=flow, remote_ip="172.29.240.21"} Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port "vxlan-ac1df017" Interface "vxlan-ac1df017" type: vxlan options: {df_default="true", in_key=flow, local_ip="172.29.240.20", out_key=flow, remote_ip="172.29.240.23"} Port br-tun Interface br-tun type: internal Bridge br-provider Controller "tcp:127.0.0.1:6633" is_connected: true fail_mode: secure Port "ens192" Interface "ens192" Port br-provider Interface br-provider type: internal Port phy-br-provider Interface phy-br-provider type: patch options: {peer=int-br-provider} ovs_version: "2.10.0" Additional commands can be found in upstream Open vSwitch documentation. Notes ~~~~~ The ``neutron-openvswitch-agent`` service will check in as an agent and can be observed using the ``openstack network agent list`` command: .. code-block:: console root@infra01-utility-container-ce1509fd:~# openstack network agent list --agent-type open-vswitch +--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+ | ID | Agent Type | Host | Availability Zone | Alive | State | Binary | +--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+ | 4dcef710-ec0c-4925-a940-dc319cd6849f | Open vSwitch agent | compute03 | None | :-) | UP | neutron-openvswitch-agent | | 5e1f8670-b90e-49c3-84ff-e981aeccb171 | Open vSwitch agent | compute02 | None | :-) | UP | neutron-openvswitch-agent | | 78746672-d77a-4d8a-bb48-f659251fa246 | Open vSwitch agent | compute01 | None | :-) | UP | neutron-openvswitch-agent | | eebab5da-3ef5-4582-84c5-f29e2472a44a | Open vSwitch agent | infra01 | None | :-) | UP | neutron-openvswitch-agent | +--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+