[Rdo-list] Openstack Liberty with DVR and VLAN overlay

Charles Short cems at ebi.ac.uk
Wed Mar 2 09:34:40 UTC 2016 

Hi,

I have a simple single nic bare metal set up much like this -

https://answers.launchpad.net/neutron/+question/228376

Tenant networks are VLANs, and the external network a VLAN provider network.
This enables me to have one bridge which allows the VLAN overlays to 
pass between nodes/physical switches, and importantly allows external 
access via floating ip through the external provider network VLAN.

This was all working fine, but I wanted to install DVR. I saw that DVR 
functionality had relatively recently been added for VLAN overlays (Kilo 
and beyond)

https://blueprints.launchpad.net/neutron/+spec/neutron-ovs-dvr-vlan

So I enabled DVR, noting that for VLAN overlays l2population is not 
required.
I created two instances, two tenant networks one with a normal router 
(non DVR) and one with a DVR router.

I first tested SNAT on both. Worked fine (I could ping externally from 
the instances)
I then applied a FIP to the non DVR routed instance. I could ping the 
instance from the external network, so all working fine.

I then applied a FIP to the DVR routed instance. This is where the 
problems began. I could not ping externally from the instance, and I 
could not ping the instance from the external network.
I looked at the traffic flow schematic outlined here for North/South FIP 
(allowing for the fact I am not using tunneling) -

http://docs.openstack.org/liberty/networking-guide/scenario_dvr_ovs.html

I noticed that the fg interface from the FIP namespace in my compute 
node was NOT attached to br-int as in the guide, but was attached to my 
VLAN bridge. This seemed odd.
I thought that maybe this would have an effect on the tagging, so tried 
manually adding the tag for the external provider network VLAN to the fg 
port on the VLAN bridge

ovs-vsctl set port fg-15df2853-c2 tag=1041

Suddenly it all started working.  I could now ping externally from the 
DVR routed instance, and I could ping the instance from the external 
network.


Please can someone explain why I am seeing this behavior?

Thanks

Charles

-- 
Charles Short
Cloud Engineer
Virtualization and Cloud Team
European Bioinformatics Institute (EMBL-EBI)
Tel: +44 (0)1223 494205

More information about the rdo-list mailing list