Blog
Search…
Blog
Welcome to egonzalez blog
Hacking
Index
OpenStack
Index
OpenStack tacker and service function chaining sfc with kolla
Deploy OpenStack designate with kolla-ansible
OpenStack keystone zero downtime upgrade process newton to ocata
Midonet integration with OpenStack Mitaka
OpenStack kolla deployment
Magnum in RDO OpenStack Liberty
Nova VNC flows under the hood
Ceph Ansible baremetal deployment
Rally OpenStack benchmarking with Docker
OpenStack affinity/anti-affinity groups
Migrate keystone v2.0 to keystone v3 OpenStack
Neutron DVR OpenStack Liberty
OpenStack segregation with availability zones and host aggregates
Nova Docker driver
Murano in RDO OpenStack manual installation
Ceph RadosGW admin Ops
Multiple store locations for glance images
List all tenants belonging an user
Load balancer as a service OpenStack LbaaS
OpenStack nova API start error
Delete OpenStack neutron networks
Docker and DevOps
Index
Powered By GitBook
Neutron DVR OpenStack Liberty
Distributed Virtual Routers aka DVR were created to avoid single point of failure on neutron nodes.
When using standard routers, all the traffic is passing out through Neutron servers. Inside network servers, router namespaces are created routing all traffic and NAT forwarding between instances and public networks. When a network node falls down, instance traffic will no longer be available until a new namespace is created and executed in another network node.
Distributed routers is a way to avoid the SPOF neutron nodes were. When using DVR, router namespaces, are directly created inside compute nodes where all instance and l3 traffic are routed.
If you want to know more about DVR check this awesome links:
A previous OpenStack Liberty installation is required, mine was done with RDO packstack.
Configure all Neutron Servers
Edit ml2 configuration file with the following:
1
# vi /etc/neutron/plugins/ml2/ml2_conf.ini
2
​
3
mechanism_drivers = openvswitch,l2population
4
type_drivers = flat,vlan,vxlan
5
tenant_network_types = vxlan
6
vni_ranges = 10:100
7
vxlan_group = 224.1.1.1
8
enable_security_group = True
Copied!
Edit neutron configuration file, enable DVR and uncomment dvr_base_mac option
1
# vi /etc/neutron/neutron.conf
2
​
3
router_distributed = True
4
dvr_base_mac = fa:16:3f:00:00:00
Copied!
Configure l3 agent to use dvr_snat
1
# vi /etc/neutron/l3_agent.ini
2
​
3
agent_mode = dvr_snat
Copied!
Restart neutron server
1
systemctl restart neutron-server
Copied!
Configure all Compute Nodes
Install ml2 package
1
yum install openstack-neutron-ml2
Copied!
Edit openvswitch agent file as below:
1
# vi /etc/neutron/plugins/ml2/openvswitch_agent.ini
2
​
3
l2_population = True
4
arp_responder = True
5
enable_distributed_routing = True
Copied!
Enable DVR and select an interface driver to be used by l3 agent
1
# vi /etc/neutron/l3_agent.ini
2
​
3
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
4
agent_mode = dvr
Copied!
Edit ml2 configuration file as below:
1
# vi /etc/neutron/plugins/ml2/ml2_conf.ini
2
​
3
type_drivers = flat,vlan,vxlan
4
tenant_network_types = vxlan
5
mechanism_drivers = openvswitch,l2population
6
vni_ranges = 10:100
7
vxlan_group = 224.1.1.1
8
enable_security_group = True
Copied!
Start and enable metadata agent in compute nodes
1
systemctl start neutron-l3-agent neutron-metadata-agent
2
systemctl enable neutron-l3-agent neutron-metadata-agent
Copied!
Create an external bridge with an external IP associated on it
1
# vi /etc/sysconfig/network-scripts/ifcfg-br-ex
2
​
3
DEVICE=br-ex
4
DEVICETYPE=ovs
5
TYPE=OVSBridge
6
BOOTPROTO=static
7
IPADDR=192.168.100.4
8
NETMASK=255.255.255.0
9
GATEWAY=192.168.100.1
10
ONBOOT=yes
Copied!
Modify an unused interface connected with the same network as the IP configured with br-ex, edit the interface to be used as OVS port by br-ex
1
# vi /etc/sysconfig/network-scripts/ifcfg-eth1
2
DEVICE=eth1
3
TYPE=OVSPort
4
DEVICETYPE=ovs
5
OVS_BRIDGE=br-ex
6
ONBOOT=yes
Copied!
Restart network service to apply changes on the interfaces and openvswith-agent
1
systemctl restart network
2
systemctl restart neutron-openvswitch-agent
Copied!
Create an external network and a subnet on it
1
neutron net-create external_network --provider:network_type flat --provider:physical_network extnet --router:external --shared
2
neutron subnet-create --name public_subnet --enable_dhcp=False --allocation-pool=start=192.168.100.100,end=192.168.100.150 --gateway=192.168.100.1 external_network 192.168.100.0/24
Copied!
Create a router and associate external network as router gateway
1
neutron router-create router1
2
neutron router-gateway-set router1 external_network
Copied!
Create an internal network, a subnet and associate an interface to the router
1
neutron net-create private_network
2
neutron subnet-create --name private_subnet private_network 10.0.1.0/24
3
neutron router-interface-add router1 private_subnet
Copied!
Boot 2 instances
1
nova boot --flavor m1.tiny --image cirros --nic net-id=154da7a8-fa49-415e-9d35-c840b144a8df test1
2
nova boot --flavor m1.tiny --image cirros --nic net-id=154da7a8-fa49-415e-9d35-c840b144a8df test2
Copied!
Create 2 floating ips and associate it to instances
1
neutron floatingip-create external_network
2
neutron floatingip-create external_network
3
nova floating-ip-associate test1 192.168.100.101
4
nova floating-ip-associate test2 192.168.100.102
Copied!
Test if all works as expected pinging floating ips
1
# ping 192.168.100.101
2
# ping 192.168.100.102
Copied!
As you can see, in network nodes, a snat namespace is created
1
# sudo ip netns
2
qdhcp-154da7a8-fa49-415e-9d35-c840b144a8df
3
snat-77fef58a-6d0c-4e96-b4b6-5d8e81ebead3
Copied!
In compute nodes, a fip namespace per instance with floating ip associated running on the compute node are created and a qrouter namespace are created.
1
# sudo ip netns
2
fip-4dfdabb0-d2d6-4d4a-8c00-84df834eec8b
3
qrouter-77fef58a-6d0c-4e96-b4b6-5d8e81ebead3
Copied!
Best regards, Eduardo Gonzalez
Previous
Migrate keystone v2.0 to keystone v3 OpenStack
Next
OpenStack segregation with availability zones and host aggregates
Last modified 2yr ago
Copy link