[ovirt-users] oVirt 3.5 & Neutron (Will this work?)

Assaf Muller amuller at redhat.com
Wed Oct 22 10:16:43 EDT 2014


Hello Phil,

The current setup doesn't seem to leverage oVirt's and Neutron's features.
I would try to move the tunnel between the hosts, or some higher-up entity
in your data centers. Would that be possible while adhering to your security requirements?
You could then use Neutron FWaaS to replace the VM firewall, and Neutron LBaaS to replace OSPF.

> ----- Forwarded Message -----
> From: "Phil Daws" <uxbod at splatnix.net>
> To: "Moti Asayag" <masayag at redhat.com>
> Cc: "users" <users at ovirt.org>
> Sent: Tuesday, October 21, 2014 10:21:18 PM
> Subject: Re: [ovirt-users] oVirt 3.5 & Neutron (Will this work?)
> 
> Hi Moti:
> 
> Have thrown together a diagram of how I think it should look :-
> 
> https://cloudvault.innoffice247.com/public.php?service=files&t=9e57686453ce6b71fdce1dd1eb18fe4a
> 
> As each oVirt host has a single activated NIC am trying to see how I can use
> OVS, to provide OSPF & SFLOW, and vLAN capability like I have used manually
> with KVM and OVS. From my dev machine this is how OVS looks:
> 
> [root at dev01 ~]# ovs-vsctl show
> 55a2af2f-daf5-4f01-a757-9bccaf4f6932
> Bridge "ovsbr0"
> Port "vnet0"
> Interface "vnet0"
> Port "vnet1"
> tag: 8
> Interface "vnet1"
> Port "vnet13"
> tag: 14
> Interface "vnet13"
> Port "vnet9"
> tag: 10
> Interface "vnet9"
> Port "mgmt0"
> Interface "mgmt0"
> type: internal
> Port "vnet14"
> tag: 8
> Interface "vnet14"
> Port "ovsbr0"
> Interface "ovsbr0"
> type: internal
> Port "vnet11"
> tag: 8
> Interface "vnet11"
> Port "vnet10"
> tag: 13
> Interface "vnet10"
> Port "vnet12"
> tag: 13
> Interface "vnet12"
> Port "em1"
> Interface "em1"
> Port "vnet3"
> tag: 14
> Interface "vnet3"
> Port "vnet4"
> tag: 20
> Interface "vnet4"
> Port "vnet2"
> tag: 10
> Interface "vnet2"
> ovs_version: "2.3.90"
> 
> So I have a single NIC with a public facing IP and then I present that IP as
> a gateway, via the bridge, to a VM firewall which then handles the vlans
> inside that.
> 
> Hope that makes sense ?
> 
> Thanks, Phil
> 
> 
> ----- Original Message -----
> From: "Phil Daws" <uxbod at splatnix.net>
> To: "Moti Asayag" <masayag at redhat.com>
> Cc: "users" <users at ovirt.org>
> Sent: Tuesday, 21 October, 2014 5:26:33 PM
> Subject: Re: [ovirt-users] oVirt 3.5 & Neutron (Will this work?)
> 
> Hi Moti:
> 
> thank you for detailed response. I will diagram what I am thinking as that
> should explain it a whole lot better :)
> 
> Thanks, Phil
> 
> ----- Original Message -----
> From: "Moti Asayag" <masayag at redhat.com>
> To: "Phil Daws" <uxbod at splatnix.net>
> Cc: "users" <users at ovirt.org>
> Sent: Tuesday, 21 October, 2014 4:50:45 PM
> Subject: Re: [ovirt-users] oVirt 3.5 & Neutron (Will this work?)
> 
> 
> Hi Phil,
> 
> See answers/questions inline.
> 
> ----- Original Message -----
> > From: "Phil Daws" <uxbod at splatnix.net>
> > To: "users" <users at ovirt.org>
> > Sent: Tuesday, October 21, 2014 6:05:55 PM
> > Subject: Re: [ovirt-users] oVirt 3.5 & Neutron (Will this work?)
> > 
> > Hmmm, this is interesting as it would appear you can only use the Neutron
> > appliance with a brand new host ?!? so how does one switch to use it on a
> > current system ?
> 
> A new host is not mandatory. You need to move an existing host to maintenance
> and reinstall it. On the "Re-install" dialog select the details of the
> network
> provider.
> 
> > 
> > Thanks, Phil
> > 
> > ----- Original Message -----
> > From: "Phil Daws" <uxbod at splatnix.net>
> > To: users at ovirt.org
> > Sent: Tuesday, 21 October, 2014 1:31:09 PM
> > Subject: [ovirt-users] oVirt 3.5 & Neutron (Will this work?)
> > 
> > Hello:
> > 
> > have installed oVirt 3.5 on two cloud based servers and then managing them
> > from a local engine using a VPN link. On each server I would like to use
> > the Neutron VM appliance so that I can provision the networks using
> > OpenVswitch as I would like to learn about using OSPF between the two
> > diverse systems.
> > 
> 
> Do you intend to use a single neutron appliance for each host or to use a
> single
> neutron appliance to manage connectivity on the two hosts ?
> 
> > The question is that only physical NIC is enabled (public facing), and
> > occupies the ovirtmgmt network, so would I still be able to use Neutron on
> > the second NIC even though it is not connected to anything ?
> 
> Is there L2 connectivity between the hosts ? Or by "not connected to
> anything" you
> actually mean there is no wiring between the hosts ?
> 
> If this is the first case, you should be able to define for each subnet a
> gateway
> via the 'Add subnet' dialog on the engine. That gateway should be used for
> obtaining
> connectivity for the vms to the public/external network. You'll have to
> configure it manually
> though (doesn't covered as part of the ovirt-neutron integration).
> 
> If there is really no connectivity between the hosts and the only outgoing
> traffic from
> each host is via the ovirtmgmt network - it is problematic. According to [1],
> you'll
> have to specify as bridge mappings on the network provider agent details:
> br-neutron:ovirtmgmt,
> where ovirtmgmt will replace the neutron.
> 
> But that also implies that you'll share any traffic going through the
> integration bridge
> of neutron and the hosts with the management network and respectively with
> the public
> network, hence the dhcp agents connected to br-int (which is connected to
> br-neutron and
> to ovirtmgmt) will receive request from the 'ovirtmgmt' network as well.
> 
> Haven't tried it myself, and can't expect the results.
> 
> [1] http://www.ovirt.org/images/2/2a/Neutron-appliance-topology.png
> 
> > Or could I
> > bind the Neutron network to the same one as the ovirtmgmt ? Basically wish
> > to run the VMs with private IPs and then NAT through a VM firewall to the
> > public address.
> > 
> > Any help would be gratefully appreciated.
> > 
> > Thanks, Phil
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> > 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 


More information about the Users mailing list