Skip to content

Commit 1650166

Browse files
committed
docs: Add more networking details to single interface section
Add complete localrcs, and also add a section for additional compute nodes, to help demonstrate the OVS layout and how traffic flows over VXLAN tunnels from compute nodes, to the L3 node, and out onto the wire. Closes-Bug: #1506733 Change-Id: Ibb5fd454bdcb8c13400c1e11f640c2aafc0f73ca
1 parent ef0d320 commit 1650166

1 file changed

Lines changed: 171 additions & 1 deletion

File tree

doc/source/guides/neutron.rst

Lines changed: 171 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,17 +35,21 @@ network and is on a shared subnet with other machines.
3535
network hardware_network {
3636
address = "172.18.161.0/24"
3737
router [ address = "172.18.161.1" ];
38-
devstack_laptop [ address = "172.18.161.6" ];
38+
devstack-1 [ address = "172.18.161.6" ];
3939
}
4040
}
4141

4242

4343
DevStack Configuration
4444
----------------------
4545

46+
The following is a complete `local.conf` for the host named
47+
`devstack-1`. It will run all the API and services, as well as
48+
serving as a hypervisor for guest instances.
4649

4750
::
4851

52+
[[local|localrc]]
4953
HOST_IP=172.18.161.6
5054
SERVICE_HOST=172.18.161.6
5155
MYSQL_HOST=172.18.161.6
@@ -57,6 +61,12 @@ DevStack Configuration
5761
SERVICE_PASSWORD=secrete
5862
SERVICE_TOKEN=secrete
5963

64+
# Do not use Nova-Network
65+
disable_service n-net
66+
# Enable Neutron
67+
ENABLED_SERVICES+=,q-svc,q-dhcp,q-meta,q-agt,q-l3
68+
69+
6070
## Neutron options
6171
Q_USE_SECGROUP=True
6272
FLOATING_RANGE="172.18.161.0/24"
@@ -71,6 +81,166 @@ DevStack Configuration
7181
OVS_BRIDGE_MAPPINGS=public:br-ex
7282

7383

84+
Adding Additional Compute Nodes
85+
-------------------------------
86+
87+
Let's suppose that after installing DevStack on the first host, you
88+
also want to do multinode testing and networking.
89+
90+
Physical Network Setup
91+
~~~~~~~~~~~~~~~~~~~~~~
92+
93+
.. nwdiag::
94+
95+
nwdiag {
96+
inet [ shape = cloud ];
97+
router;
98+
inet -- router;
99+
100+
network hardware_network {
101+
address = "172.18.161.0/24"
102+
router [ address = "172.18.161.1" ];
103+
devstack-1 [ address = "172.18.161.6" ];
104+
devstack-2 [ address = "172.18.161.7" ];
105+
}
106+
}
107+
108+
109+
After DevStack installs and configures Neutron, traffic from guest VMs
110+
flows out of `devstack-2` (the compute node) and is encapsulated in a
111+
VXLAN tunnel back to `devstack-1` (the control node) where the L3
112+
agent is running.
113+
114+
::
115+
116+
stack@devstack-2:~/devstack$ sudo ovs-vsctl show
117+
8992d965-0ba0-42fd-90e9-20ecc528bc29
118+
Bridge br-int
119+
fail_mode: secure
120+
Port br-int
121+
Interface br-int
122+
type: internal
123+
Port patch-tun
124+
Interface patch-tun
125+
type: patch
126+
options: {peer=patch-int}
127+
Bridge br-tun
128+
fail_mode: secure
129+
Port "vxlan-c0a801f6"
130+
Interface "vxlan-c0a801f6"
131+
type: vxlan
132+
options: {df_default="true", in_key=flow, local_ip="172.18.161.7", out_key=flow, remote_ip="172.18.161.6"}
133+
Port patch-int
134+
Interface patch-int
135+
type: patch
136+
options: {peer=patch-tun}
137+
Port br-tun
138+
Interface br-tun
139+
type: internal
140+
ovs_version: "2.0.2"
141+
142+
Open vSwitch on the control node, where the L3 agent runs, is
143+
configured to de-encapsulate traffic from compute nodes, then forward
144+
it over the `br-ex` bridge, where `eth0` is attached.
145+
146+
::
147+
148+
stack@devstack-1:~/devstack$ sudo ovs-vsctl show
149+
422adeea-48d1-4a1f-98b1-8e7239077964
150+
Bridge br-tun
151+
fail_mode: secure
152+
Port br-tun
153+
Interface br-tun
154+
type: internal
155+
Port patch-int
156+
Interface patch-int
157+
type: patch
158+
options: {peer=patch-tun}
159+
Port "vxlan-c0a801d8"
160+
Interface "vxlan-c0a801d8"
161+
type: vxlan
162+
options: {df_default="true", in_key=flow, local_ip="172.18.161.6", out_key=flow, remote_ip="172.18.161.7"}
163+
Bridge br-ex
164+
Port phy-br-ex
165+
Interface phy-br-ex
166+
type: patch
167+
options: {peer=int-br-ex}
168+
Port "eth0"
169+
Interface "eth0"
170+
Port br-ex
171+
Interface br-ex
172+
type: internal
173+
Bridge br-int
174+
fail_mode: secure
175+
Port "tapce66332d-ea"
176+
tag: 1
177+
Interface "tapce66332d-ea"
178+
type: internal
179+
Port "qg-65e5a4b9-15"
180+
tag: 2
181+
Interface "qg-65e5a4b9-15"
182+
type: internal
183+
Port "qr-33e5e471-88"
184+
tag: 1
185+
Interface "qr-33e5e471-88"
186+
type: internal
187+
Port "qr-acbe9951-70"
188+
tag: 1
189+
Interface "qr-acbe9951-70"
190+
type: internal
191+
Port br-int
192+
Interface br-int
193+
type: internal
194+
Port patch-tun
195+
Interface patch-tun
196+
type: patch
197+
options: {peer=patch-int}
198+
Port int-br-ex
199+
Interface int-br-ex
200+
type: patch
201+
options: {peer=phy-br-ex}
202+
ovs_version: "2.0.2"
203+
204+
`br-int` is a bridge that the Open vSwitch mechanism driver creates,
205+
which is used as the "integration bridge" where ports are created, and
206+
plugged into the virtual switching fabric. `br-ex` is an OVS bridge
207+
that is used to connect physical ports (like `eth0`), so that floating
208+
IP traffic for tenants can be received from the physical network
209+
infrastructure (and the internet), and routed to tenant network ports.
210+
`br-tun` is a tunnel bridge that is used to connect OpenStack nodes
211+
(like `devstack-2`) together. This bridge is used so that tenant
212+
network traffic, using the VXLAN tunneling protocol, flows between
213+
each compute node where tenant instances run.
214+
215+
216+
217+
DevStack Compute Configuration
218+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
219+
220+
The host `devstack-2` has a very minimal `local.conf`.
221+
222+
::
223+
224+
[[local|localrc]]
225+
HOST_IP=172.18.161.7
226+
SERVICE_HOST=172.18.161.6
227+
MYSQL_HOST=172.18.161.6
228+
RABBIT_HOST=172.18.161.6
229+
GLANCE_HOSTPORT=172.18.161.6:9292
230+
ADMIN_PASSWORD=secrete
231+
MYSQL_PASSWORD=secrete
232+
RABBIT_PASSWORD=secrete
233+
SERVICE_PASSWORD=secrete
234+
SERVICE_TOKEN=secrete
235+
236+
## Neutron options
237+
PUBLIC_INTERFACE=eth0
238+
ENABLED_SERVICES=n-cpu,rabbit,q-agt
239+
240+
Network traffic from `eth0` on the compute nodes is then NAT'd by the
241+
controller node that runs Neutron's `neutron-l3-agent` and provides L3
242+
connectivity.
243+
74244

75245
Neutron Networking with Open vSwitch and Provider Networks
76246
==========================================================

0 commit comments

Comments
 (0)