oVirt and L2 Gateway

I have installed oVirt 4.2.3 and everything seems to be working fine: I can create virtual (Geneve overlay) networks for communication between virtual machines via the external provider ovirt-provider-ovn by using the OVS switch on the cluster. Live migrations and everything else within the virtual environment work perfectly :-)

For connections from virtual machines to physical VLANs in a switch, I can also create a logical network which is created using the external provider ovirt-provider-ovn by specifying a connection to a physical VLAN network created as a separate data center network. This method requires that all oVirt nodes (hosts) in the cluster have access to the physical network though.

What I am looking for is a way to implement an L2 Gateway such that (not all) oVirt nodes (hosts) need to have direct access to the physical network. What I am looking for is a way where virtual machines can communicate with the L2 Gateway via virtual (Geneve overlay) networks. On the L2 Gateway the virtual network shall then be bridged to the physical VLAN on a dedicated network interface. My goal is that the virtual network and the physical network become one big broadcast domain.

This concept has been described by different people on the Internet such as these articles:
- https://weiti.org/ovn/2018/01/03/ovn-l2-breakout-options
- https://wiki.openstack.org/wiki/Neutron/L2-GW

How can I accomplish something similar in an oVirt environment?

Thanks in advance,
Carl Grundholm

Hi Carl,

What you want is probably to use the l2gateway type logical switch port in OVN. Please refer to the following doc for the description (not very detailed unfortunately):
http://www.openvswitch.org//support/dist-docs/ovn-nb.5.txt
Look at the Logical_Switch_Port Table type field, along with some of the options keys.

Unfortunately we do not support this in ovirt, nor is this supported in ovirt-provider-ovn. To use this ovn feature, you will have to manually add an l2gateway port to your environment.

Marcin

Hi Marcin.

Thank you for the hint. I have now got the l2gateway functionality working as I hoped for.

To sum up the exact steps taken (I am running the new oVirt v. 4.2.4):

1. In oVirt's web-management interface add the needed "physical network" network (by which I mean a network created without clicking the "Create on External Provider" check box). When creating the "physical network" click "Enable VLAN tagging" and specify the right VLAN ID if this is relevant. In the following the name of this newly created "physical network" is referred to by the variable $physnet and the VLAN ID is referred to by the variable $tag.

2. Notice that an extra OVN network named "external_$physnet" is automatically created by oVirt v. 4.2.4. This _might_ be important and I think that you _might_ have to create a similar network yourself if using older oVirt versions. Then you would have to create a similar OVN network manually and remember to click the "Create on External Provider" check box, click the "Connect to Data Center Network" and select the "physical network" ($physnet) you created in step 1.

3. Add the newly created "physical network" ($physnet) to the physical interface on the physical host which you want to become your future L2 Gateway. Do this by clicking the host, selecting "Network Interfaces" and clicking the "Setup Host Networks" button. In the window opened drag-drop the "physical network" ($physnet) icon onto the box containing the name of the relevant physical interface of the host.

4. In oVirt create a pure OVN overlay network (by clicking the "Create on External Provider" check box) which will be used for communication by all VMs needing access to the physical network - no matter which host they are running on and no matter if the host has a direct physical interface to the "physical network" ($physnet) or not. In the following the name of this newly created OVN overlay network will be referred to by the variable $ovn.

5. Enter this command on the oVirt engine server to find the chassis UUID of the future L2 Gateway host:

    # ovn-sbctl show

Which creates output similar to this:

    Chassis "16a1d7e4-70f6-4683-8ad6-77fe7fa6d03f"
        hostname: "kvm1.ovirt.local"
        Encap geneve
            ip: "10.100.0.11"
            options: {csum="true"}
    Chassis "2801ee0b-46c4-4c23-aafc-85804afdff54"
        hostname: "kvm2.ovirt.local"
        Encap geneve
            ip: "10.100.0.12"
            options: {csum="true"}
    Chassis "e732b833-200c-45bb-b55f-25c0f2ab504e"
        hostname: "kvm3.ovirt.local"
        Encap geneve
            ip: "10.100.0.13"
            options: {csum="true"}

Notice the Chassis UUID for the oVirt host which you want to become your L2 Gateway: If you e.g. want kvm3.ovirt.local to become your future L2 Gateway then the chassis UUID in the above example would be "e732b833-200c-45bb-b55f-25c0f2ab504e". In the following the correct chassis UUID will be referred to by the variable $chassisUUID.

6. Enter these commands on the oVirt engine server to create an L2 Gateway with a name contained in the variable $l2gw (the name is not important but you might want to select something meaningful like "l2gw_$physnet"):

    # ovn-nbctl lsp-add $ovn $l2gw "" $tag
    # ovn-nbctl lsp-set-addresses $l2gw unknown
    # ovn-nbctl lsp-set-type $l2gw l2gateway
    # ovn-nbctl lsp-set-options $l2gw network_name=$physnet l2gateway-chassis=$chassisUUID

Here you need to be extra careful because the OVN developers have been a little sloppy while naming different option keys: The network name uses an UNDERSCORE so it is called "network_name" whereas the L2 Gateway chassis uses a HYPHEN so it is called "l2gateway-chassis". If you get this wrong you can spend quite some time debugging - trust me!!!

That's it. oVirt takes care of the rest :-)

Best regards,
Carl
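The chassis lookup in step 5 and the option-key pitfall in step 6 of the message above, as an added shell example that is not part of the thread: it resolves a hostname to its chassis UUID from `ovn-sbctl show` output, rejects misspelled option keys, and prints the step 6 commands without running them. The function names, the overlay name ovn_net, the network name physnet1 and VLAN ID 100 are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Sample `ovn-sbctl show` output,
# shortened from the output quoted in the message above.
SAMPLE_SB='Chassis "16a1d7e4-70f6-4683-8ad6-77fe7fa6d03f"
    hostname: "kvm1.ovirt.local"
    Encap geneve
        ip: "10.100.0.11"
Chassis "e732b833-200c-45bb-b55f-25c0f2ab504e"
    hostname: "kvm3.ovirt.local"
    Encap geneve
        ip: "10.100.0.13"'

# Print the chassis UUID for hostname $1; reads `ovn-sbctl show` on stdin.
chassis_uuid_for_host() {
    awk -v host="$1" '
        $1 == "Chassis"   { gsub(/"/, "", $2); uuid = $2 }
        $1 == "hostname:" { gsub(/"/, "", $2)
                            if ($2 == host) { print uuid; found = 1; exit } }
        END { exit (found ? 0 : 1) }'
}

# Accept key=value options for an l2gateway port only if both keys are
# present with the exact spelling (underscore vs. hyphen).
check_l2gw_options() {
    have_net=0; have_chassis=0
    for kv in "$@"; do
        case "${kv%%=*}" in
            network_name)      have_net=1 ;;
            l2gateway-chassis) have_chassis=1 ;;
            network-name|l2gateway_chassis)
                echo "misspelled option key: ${kv%%=*}" >&2; return 2 ;;
        esac
    done
    [ "$have_net" -eq 1 ] && [ "$have_chassis" -eq 1 ]
}

# Print (do not run) the step 6 commands. Args: host ovn physnet tag.
l2gw_commands() {
    uuid=$(chassis_uuid_for_host "$1") || { echo "no chassis: $1" >&2; return 1; }
    set -- "$2" "l2gw_$3" "$4" "network_name=$3" "l2gateway-chassis=$uuid"
    check_l2gw_options "$4" "$5" || return 1
    printf 'ovn-nbctl lsp-add %s %s "" %s\n' "$1" "$2" "$3"
    printf 'ovn-nbctl lsp-set-addresses %s unknown\n' "$2"
    printf 'ovn-nbctl lsp-set-type %s l2gateway\n' "$2"
    printf 'ovn-nbctl lsp-set-options %s %s %s\n' "$2" "$4" "$5"
}

# Hypothetical names: overlay "ovn_net", physical network "physnet1", VLAN 100.
printf '%s\n' "$SAMPLE_SB" | l2gw_commands kvm3.ovirt.local ovn_net physnet1 100
```

On the engine server, real output can be piped in instead of the sample: `ovn-sbctl show | l2gw_commands <host> <ovn> <physnet> <tag>`.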

Hi Carl,

Glad to hear it helped, and thanks for the description. May I ask why you want to channel the traffic through one host? This solution has a disadvantage of pushing all outgoing traffic from the OVN network through a single host, which is not quite optimal for performance. It would be interesting for us to know the use case for this.

Thanks,
Marcin
Participants (2): carlgrundholm@gmail.com, Marcin Mirecki