12:18 a.m.
I have install ovirt 4.2.3 and everything seems to be working fine: I can create virtual
(Geneve overlay) networks for communication between virtual machines via the external
provider ovirt-provider-ovn by using the OWS switch on the cluster. Live migrations and
everything else within the virtual environment works perfectly :-)
For connections from virtual machines to physical VLAN's in a switch, I can also
create a logical network which is created using the external provider ovirt-provider-ovn
by specifying a connection to a physical VLAN network created as a separate data center
network. This method requires that all ovirt-nodes (hosts) in the cluster have access to
the physical network though.
What I am looking for is a way to implement a L2 Gateway such that (not all) ovirt nodes
(hosts) need to have direct access to the physical network. What I am looking for is a way
where virtual machines can communicate with the L2 Gateway via virtual (Geneve overlay)
networks. On the L2 Gateway the virtual network shall then be bridged to the physical VLAN
on a dedicated network interface. My goal is that the virtual network and the physical
network becomes one big broadcast domain.
This concept has been described by different people on the Internet such as these
articles:
- https://weiti.org/ovn/2018/01/03/ovn-l2-breakout-options
- https://wiki.openstack.org/wiki/Neutron/L2-GW
How can I accomplish something similar in an ovirt-environment?
Thanks in advance,
Carl Grundholm
5:15 p.m.
Hi Carl,
What you want is probably to use the l2gateway type logical switch port in
OVN.
Please refer to the following doc for the description (not very detailed
unfortunately):
http://www.openvswitch.org//support/dist-docs/ovn-nb.5.txt
Look at the Logical_Switch_Port Table type field, along with some of the
options keys.
Unfortunately we do not support this in ovirt, nor is this supported in
ovirt-provider-ovn.
To use this ovn feature, you will have to manually add an l2gateway port to
your environment.
Marcin
On Sun, Jun 24, 2018 at 11:18 PM, <carlgrundholm(a)gmail.com> wrote:
I have install ovirt 4.2.3 and everything seems to be working fine: I
can
create virtual (Geneve overlay) networks for communication between virtual
machines via the external provider ovirt-provider-ovn by using the OWS
switch on the cluster. Live migrations and everything else within the
virtual environment works perfectly :-)
For connections from virtual machines to physical VLAN's in a switch, I
can also create a logical network which is created using the external
provider ovirt-provider-ovn by specifying a connection to a physical VLAN
network created as a separate data center network. This method requires
that all ovirt-nodes (hosts) in the cluster have access to the physical
network though.
What I am looking for is a way to implement a L2 Gateway such that (not
all) ovirt nodes (hosts) need to have direct access to the physical
network. What I am looking for is a way where virtual machines can
communicate with the L2 Gateway via virtual (Geneve overlay) networks. On
the L2 Gateway the virtual network shall then be bridged to the physical
VLAN on a dedicated network interface. My goal is that the virtual network
and the physical network becomes one big broadcast domain.
This concept has been described by different people on the Internet such
as these articles:
- https://weiti.org/ovn/2018/01/03/ovn-l2-breakout-options
- https://wiki.openstack.org/wiki/Neutron/L2-GW
How can I accomplish something similar in an ovirt-environment?
Thanks in advance,
Carl Grundholm
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-
guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/
message/SUQWX4PAQ2OWM6LQIEQALKEC7YSDHCF2/
7:27 p.m.
Hi Marcin.
Thank you for the hint. I have now got the l2gateway functionality working as I hoped
for.
To sum up the exact steps taken (I am running the new oVirt v. 4.2.4):
1. In oVirt's web-management interface add the needed "physical network"
network (by which I mean a network created without clicking the "Create on External
Provider" check box). When creating the "physical network" click
"Enable VLAN tagging" and specify the right VLAN ID if this is relevant. In the
following the name of this newly created "physical network" is referred to by
the variable $physnet and the VLAN ID is referred to by the variable $tag.
2. Notice that an extra OVN network named "external_$physnet" is automatically
created by oVirt v. 4.2.4. This _might_ be important and I think that you _might_ have to
create a similar network yourself if using older oVirt versions. Then you would have to
create a similar OVN network manually and remember to click the "Create on External
Provider" check box, click the "Connect to Data Center Network" and select
the "physical network" ($physnet) you created in step 1.
3. Add the newly created "physical network" ($physnet) to the physical interface
on the physical host which you want to become your future L2 Gateway. Do this by clicking
the host, selecting "Network Interfaces" and clicking the "Setup Host
Networks" button. In the window opened drag-drop the "physical network"
($physnet) icon onto the box containing the name of the relevant physical interface of the
host.
4. In oVirt create a pure OVN overlay network (by clicking the "Create on External
Provider" check box) which will be used for communication by all VM's needing
access to the physical network - no matter which host they are running on and no matter if
the host has a direct physical interface to the "physical network" ($physnet) or
not. In the following the name of this newly created OVN overlay network will referred to
by the variable $ovn.
5. Enter this command on the oVirt engine server to find the chassis UUID of the future L2
Gateway host:
# ovn-sbctl show
Which creates output similar to this:
Chassis "16a1d7e4-70f6-4683-8ad6-77fe7fa6d03f"
hostname: "kvm1.ovirt.local"
Encap geneve
ip: "10.100.0.11"
options: {csum="true"}
Chassis "2801ee0b-46c4-4c23-aafc-85804afdff54"
hostname: "kvm2.ovirt.local"
Encap geneve
ip: "10.100.0.12"
options: {csum="true"}
Chassis "e732b833-200c-45bb-b55f-25c0f2ab504e"
hostname: "kvm3.ovirt.local"
Encap geneve
ip: "10.100.0.13"
options: {csum="true"}
Notice the Chassis UUID for the oVirt host which you want to become your L2 Gateway: If
you e.g. want kvm3.ovirt.local to become your future L2 Gateway then the chassis UUID in
the above example would be "e732b833-200c-45bb-b55f-25c0f2ab504e". In the
following the correct chassis UUID will be referred to by the variable $chassisUUID.
6. Enter these commands on the oVirt engine server to create a L2 Gateway with a name
contained in the variable $l2gw (the name is not important but you might want to select
something meaningful like "l2gw_$physnet"):
# ovn-nbctl lsp-add $ovn $l2gw "" $tag
# ovn-nbctl lsp-set-addresses $l2gw unknown
# ovn-nbctl lsp-set-type $l2gw l2gateway
# ovn-nbctl lsp-set-options $l2gw network_name=$physnet l2gateway-chassis=$chassisUUID
Here you need to be extra careful because the OVN developers have been a little sloppy
while naming different option keys: The network name uses an UNDERSCORE so it is called
"network_name" whereas the L2 Gateway chassis uses a HYPHEN so it is called
"l2gateway-chassis". If you get this wrong you can spend quite some time
debugging - trust me!!!
That's it. oVirt takes care of the rest :-)
Best regards,
Carl
11:13 a.m.
Hi Carl,
Glad to hear it helped, and thanks for the description.
May I ask why you want to channel the traffic through
one host?
This solution has a disadvantage of pushing all outfgoing
traffic from the OVN network through a single host, which
is not quite optimal for performance. It would be interesting
for us to know the use case for this.
Thanks,
Marcin
On Sun, Jul 1, 2018 at 6:27 PM, <carlgrundholm(a)gmail.com> wrote:
Hi Marcin.
Thank you for the hint. I have now got the l2gateway functionality working
as I hoped for.
To sum up the exact steps taken (I am running the new oVirt v. 4.2.4):
1. In oVirt's web-management interface add the needed "physical network"
network (by which I mean a network created without clicking the "Create on
External Provider" check box). When creating the "physical network" click
"Enable VLAN tagging" and specify the right VLAN ID if this is relevant. In
the following the name of this newly created "physical network" is referred
to by the variable $physnet and the VLAN ID is referred to by the variable
$tag.
2. Notice that an extra OVN network named "external_$physnet" is
automatically created by oVirt v. 4.2.4. This _might_ be important and I
think that you _might_ have to create a similar network yourself if using
older oVirt versions. Then you would have to create a similar OVN network
manually and remember to click the "Create on External Provider" check box,
click the "Connect to Data Center Network" and select the "physical
network" ($physnet) you created in step 1.
3. Add the newly created "physical network" ($physnet) to the physical
interface on the physical host which you want to become your future L2
Gateway. Do this by clicking the host, selecting "Network Interfaces" and
clicking the "Setup Host Networks" button. In the window opened drag-drop
the "physical network" ($physnet) icon onto the box containing the name of
the relevant physical interface of the host.
4. In oVirt create a pure OVN overlay network (by clicking the "Create on
External Provider" check box) which will be used for communication by all
VM's needing access to the physical network - no matter which host they are
running on and no matter if the host has a direct physical interface to the
"physical network" ($physnet) or not. In the following the name of this
newly created OVN overlay network will referred to by the variable $ovn.
5. Enter this command on the oVirt engine server to find the chassis UUID
of the future L2 Gateway host:
# ovn-sbctl show
Which creates output similar to this:
Chassis "16a1d7e4-70f6-4683-8ad6-77fe7fa6d03f"
hostname: "kvm1.ovirt.local"
Encap geneve
ip: "10.100.0.11"
options: {csum="true"}
Chassis "2801ee0b-46c4-4c23-aafc-85804afdff54"
hostname: "kvm2.ovirt.local"
Encap geneve
ip: "10.100.0.12"
options: {csum="true"}
Chassis "e732b833-200c-45bb-b55f-25c0f2ab504e"
hostname: "kvm3.ovirt.local"
Encap geneve
ip: "10.100.0.13"
options: {csum="true"}
Notice the Chassis UUID for the oVirt host which you want to become your
L2 Gateway: If you e.g. want kvm3.ovirt.local to become your future L2
Gateway then the chassis UUID in the above example would be
"e732b833-200c-45bb-b55f-25c0f2ab504e". In the following the correct
chassis UUID will be referred to by the variable $chassisUUID.
6. Enter these commands on the oVirt engine server to create a L2 Gateway
with a name contained in the variable $l2gw (the name is not important but
you might want to select something meaningful like "l2gw_$physnet"):
# ovn-nbctl lsp-add $ovn $l2gw "" $tag
# ovn-nbctl lsp-set-addresses $l2gw unknown
# ovn-nbctl lsp-set-type $l2gw l2gateway
# ovn-nbctl lsp-set-options $l2gw network_name=$physnet
l2gateway-chassis=$chassisUUID
Here you need to be extra careful because the OVN developers have been a
little sloppy while naming different option keys: The network name uses an
UNDERSCORE so it is called "network_name" whereas the L2 Gateway chassis
uses a HYPHEN so it is called "l2gateway-chassis". If you get this wrong
you can spend quite some time debugging - trust me!!!
That's it. oVirt takes care of the rest :-)
Best regards,
Carl
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-
guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/
message/HAHNME4UAG4GI2G54RZSUXGO632Q6ALT/
2334
days inactive
2343
days old
3 comments
2 participants
participants (2)
-
carlgrundholm@gmail.com -
Marcin Mirecki