[ovirt-users] questions on OVN

Marcin Mirecki mmirecki at redhat.com
Wed Feb 15 15:23:20 UTC 2017


It should not have any negative interference on configuration issues, but
it could have a negative impact on performance of your ovirtmgmt network, in
case your OVN traffic saturates the connection.

>Cannot edit Interface. External network cannot be changed while the
>virtual machine is running.
The error message is incorrect (it predates the introduction of nic
hotplugging).
It is enough to unplug/plug the nic before/after doing changes (the nic
must be in the unplugged state to change it).
As far as I know there is already a bug reported about the error message
being incorrect.

>With missing authentication do you mean that I could set up a non-oVirt
>host installing controller and driver parts and let it join the others
>without control?
There are two problems that relate to authentication:
- ovirt-provider-ovn does not authenticate requests. Currently anyone can
send requests to it, and create/delete networks or ports. This should be
implemented in the near future.
- no authentication for access to OVN databases. A workaround for now could
be putting OVN management traffic on a private network not accessible from
outside. This is be implemented by the OVN team.

>In the sense that the tunnel basically already realizes the isolation from
>the ovirtmgmt network itself (what usually we do making vlans) without
>interfering in case I have a great exchange of data for example over the
>tunnel between 2 VMs placed on different hosts?
If the traffic going over the tunnel saturates that link, it will interfere
with your ovirtmgmt traffic. For testing this setup should be ok, I
would not recommend it for production.

>BTW: does it make sense to create another vlan on the bonding (that is
>already setup with vlans), assigning an ip on the hosts and then use it?
The tunnel should take care of the isolation, so I don't think it would add
any value.

>The same question could also apply to a general case where for example my
>hosts have to integrate into a dedicated lan in the infrastructure (eg for
>backup or monitoring or what else)... would I configure this lan from oVirt
>or better from hosts themselves?
Any configuration changes made manually would cause ovirt to see them as
unsynchronized. To do it cleanly you would have to hide the nics used for
this by adding them to 'hidden_nic' in vdsm configuration (nics ignored by
ovirt). Let me know if you want more information on this.
If you need a network to be used by the host, a better solution would be to
just create a separate network from ovirt (a non-vm network if you don't
need a bridge on top of the nic).

Marcin



On Wed, Feb 15, 2017 at 2:59 PM, Gianluca Cecchi <gianluca.cecchi at gmail.com>
wrote:

> On Wed, Feb 15, 2017 at 1:55 PM, Marcin Mirecki <mmirecki at redhat.com>
> wrote:
>
>> Hello Gianluca,
>>
>> OVN is a tech preview feature in 4.1
>> It's 'fully usable' as far as the basic networking functionality goes
>> (network, ports, subnets),
>>
>
> OK, my question was mainly related to negative interference with other
> parts of oVirt.
> I plan to use it side by side with normal networking so that in the same
> Cluster/Datacenter I can have VMs with "legacy" networks, VMs with OVN
> provided networks and eventually VMs with a mix of the two.
> BTW: I see that while I can hot add an OVN nic to a VM, I cannot hot edit
> an OVN nic; I get the error:
>
> Cannot edit Interface. External network cannot be changed while the
> virtual machine is running.
>
> Any plan to solve this?
>
>
>
>> but it's still missing some parts like authentication, automatic host
>> installation, some of the rest support and others.
>>
>
> Not a big problem for my tests.
> With missing authentication do you mean that I could set up a non-oVirt
> host installing controller and driver parts and let it join the others
> without control?
> Or keystone/similar integration?
>
>
>> You can use ovirtmgmt for the OVN tunnels. How ovirtmgmt is configured is
>> also not relevant for OVN.
>> I am using a similar setup (without bonds) on my dev environment and it's
>> working fine.
>>
>
> So I could have ovirtmgmt on a vlan based bonding and use it without
> problems?
> In the sense that the tunnel basically already realizes the isolation from
> the ovirtmgmt network itself (what usually we do making vlans) without
> interfering in case I have a great exchange of data for example over the
> tunnel between 2 VMs placed on different hosts?
>
> BTW: does it make sense to create another vlan on the bonding (that is
> already setup with vlans), assigning an ip on the hosts and then use it?
> Probably the answer above applies to this too...
> In this case is it recommended to do it from inside oVirt itself or one
> can do it manually in the OS (supposing plain CentOS configuration for
> hypervisors)?
>
> The same question could also apply to a general case where for example my
> hosts have to integrate into a dedicated lan in the infrastructure (eg for
> backup or monitoring or what else)... would I configure this lan from oVirt
> or better from hosts themselves?
>
> Thanks in advance for your time
>
> Gianluca
>
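
The workaround mentioned in the reply (keeping the unauthenticated OVN databases on a private network) can be checked on the host running them. The following is an added example, not part of the original thread or of oVirt/OVN: it reads `ss -ltn` style output and reports OVN database listeners that are not confined to the management subnet. The ports 6641/6642 (OVN's default northbound/southbound TCP ports), the subnet, and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: OVN's default NB/SB database TCP ports; not stated in the thread.
OVN_DB_PORTS = {6641: "OVN northbound DB", 6642: "OVN southbound DB"}

# Constructed sample of `ss -ltnH` output: State Recv-Q Send-Q Local Peer
SAMPLE_SS = """\
LISTEN 0 10 0.0.0.0:6641 0.0.0.0:*
LISTEN 0 10 192.168.50.11:6642 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 10 [::]:6642 [::]:*
LISTEN 0 10 203.0.113.7:6641 0.0.0.0:*
"""

def split_hostport(local):
    """Split 'host:port' or '[v6]:port' as printed by ss."""
    host, _, port = local.rpartition(":")
    return host.strip("[]"), int(port)

def exposed_ovn_listeners(ss_output, mgmt_net):
    """Return (address, port, service) for OVN DB listeners outside mgmt_net."""
    net = ipaddress.ip_network(mgmt_net)
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, port = split_hostport(fields[3])
        if port not in OVN_DB_PORTS:
            continue
        if host == "*":          # ss prints '*' for a dual-stack wildcard
            host = "0.0.0.0"
        addr = ipaddress.ip_address(host.split("%")[0])  # drop any %iface
        # A wildcard bind listens on every interface, private or not.
        if addr.is_unspecified or addr not in net:
            findings.append((str(addr), port, OVN_DB_PORTS[port]))
    return findings

if __name__ == "__main__":
    # 192.168.50.0/24 is a hypothetical private OVN management subnet.
    for addr, port, svc in exposed_ovn_listeners(SAMPLE_SS, "192.168.50.0/24"):
        print(f"{svc} reachable beyond management net: {addr}:{port}")
```

On a real host, pass the output of `ss -ltnH` in place of the sample and pair the result with a firewall rule limiting those ports to the management subnet.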