Hi Carl,

Glad to hear it helped, and thanks for the description.
May I ask why you want to channel the traffic through
one host?
This solution has a disadvantage of pushing all outfgoing
traffic from the OVN network through a single host, which
is not quite optimal for performance. It would be interesting
for us to know the use case for this.

Thanks,
Marcin


On Sun, Jul 1, 2018 at 6:27 PM, <carlgrundholm@gmail.com> wrote:
Hi Marcin.

Thank you for the hint. I have now got the l2gateway functionality working as I hoped for.

To sum up the exact steps taken (I am running the new oVirt v. 4.2.4):

1. In oVirt's web-management interface add the needed "physical network" network (by which I mean a network created without clicking the "Create on External Provider" check box). When creating the "physical network" click "Enable VLAN tagging" and specify the right VLAN ID if this is relevant. In the following the name of this newly created "physical network" is referred to by the variable $physnet and the VLAN ID is referred to by the variable $tag.

2. Notice that an extra OVN network named "external_$physnet" is automatically created by oVirt v. 4.2.4. This _might_ be important and I think that you _might_ have to create a similar network yourself if using older oVirt versions. Then you would have to create a similar OVN network manually and remember to click the "Create on External Provider" check box, click the "Connect to Data Center Network" and select the "physical network" ($physnet) you created in step 1.

3. Add the newly created "physical network" ($physnet) to the physical interface on the physical host which you want to become your future L2 Gateway. Do this by clicking the host, selecting "Network Interfaces" and clicking the "Setup Host Networks" button. In the window opened drag-drop the "physical network" ($physnet) icon onto the box containing the name of the relevant physical interface of the host.

4. In oVirt create a pure OVN overlay network (by clicking the "Create on External Provider" check box) which will be used for communication by all VM's needing access to the physical network - no matter which host they are running on and no matter if the host has a direct physical interface to the "physical network" ($physnet) or not. In the following the name of this newly created OVN overlay network will referred to by the variable $ovn.

5. Enter this command on the oVirt engine server to find the chassis UUID of the future L2 Gateway host:
# ovn-sbctl show

Which creates output similar to this:

Chassis "16a1d7e4-70f6-4683-8ad6-77fe7fa6d03f"
    hostname: "kvm1.ovirt.local"
    Encap geneve
        ip: "10.100.0.11"
        options: {csum="true"}
Chassis "2801ee0b-46c4-4c23-aafc-85804afdff54"
    hostname: "kvm2.ovirt.local"
    Encap geneve
        ip: "10.100.0.12"
        options: {csum="true"}
Chassis "e732b833-200c-45bb-b55f-25c0f2ab504e"
    hostname: "kvm3.ovirt.local"
    Encap geneve
        ip: "10.100.0.13"
        options: {csum="true"}

Notice the Chassis UUID for the oVirt host which you want to become your L2 Gateway: If you e.g. want kvm3.ovirt.local to become your future L2 Gateway then the chassis UUID in the above example would be "e732b833-200c-45bb-b55f-25c0f2ab504e". In the following the correct chassis UUID will be referred to by the variable $chassisUUID.

6. Enter these commands on the oVirt engine server to create a L2 Gateway with a name contained in the variable $l2gw (the name is not important but you might want to select something meaningful like "l2gw_$physnet"):
# ovn-nbctl lsp-add $ovn $l2gw "" $tag
# ovn-nbctl lsp-set-addresses $l2gw unknown
# ovn-nbctl lsp-set-type $l2gw l2gateway
# ovn-nbctl lsp-set-options $l2gw network_name=$physnet l2gateway-chassis=$chassisUUID

Here you need to be extra careful because the OVN developers have been a little sloppy while naming different option keys: The network name uses an UNDERSCORE so it is called "network_name" whereas the L2 Gateway chassis uses a HYPHEN so it is called "l2gateway-chassis". If you get this wrong you can spend quite some time debugging - trust me!!!

That's it. oVirt takes care of the rest :-)

Best regards,

Carl
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/HAHNME4UAG4GI2G54RZSUXGO632Q6ALT/