Metadata Access in OVN without l3/dhcp agents
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
networking-ovn | Fix Released | High | Daniel Alvarez | |
Bug Description
Problem:
VMs access the neutron metadata service available at the link-local IP address: 169.254.169.254.
We want to implement the metadata service in networking-ovn without running DHCP or L3 agents.
A flow for metadata access is the following:
VM---(169.
This is implemented in neutron in one of the following 2 ways:
1) DHCP agent-based for isolated networks using the dhcp-namespace
In isolated networks (without a router), the DHCP agent does the following:
a) The dhcp port in the DHCP namespace is aliased with the metadata server IP address
b) the dhcp agent adds a static route to 169.254.169.254 to point to the dhcp port in dhcp transactions with VMs.
This is done using the dhcp static route option (249)
c) the metadata-proxy runs in the dhcp namespace
2) L3-agent based using the router-namespace
The metadata proxy runs in router namespace. Iptables (input, nat and filter) rules
redirect metadata traffic to the metadata proxy.
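
The static route pushed in step 1b, as an added example (not code from neutron or networking-ovn): it encodes and decodes the classless static route payload, assuming option 249 uses the same wire format as the RFC 3442 option, and reports which next hop a lease assigns to 169.254.169.254. The 10.0.0.x addresses and the function names are constructed for illustration.

```python
import ipaddress

METADATA_IP = ipaddress.IPv4Address("169.254.169.254")  # address from the bug description

def encode_routes(routes):
    """Encode [(cidr, gateway), ...] as a classless static route option payload."""
    out = bytearray()
    for cidr, gateway in routes:
        net = ipaddress.IPv4Network(cidr)
        out.append(net.prefixlen)                     # 1 octet: prefix width
        out += net.network_address.packed[:(net.prefixlen + 7) // 8]  # significant octets only
        out += ipaddress.IPv4Address(gateway).packed  # 4 octets: next hop
    return bytes(out)

def decode_routes(payload):
    """Decode an option payload to [(cidr, gateway), ...]; ValueError if malformed."""
    routes, i = [], 0
    while i < len(payload):
        width = payload[i]
        if width > 32:
            raise ValueError(f"invalid prefix width {width} at offset {i}")
        n = (width + 7) // 8
        end = i + 1 + n + 4
        if end > len(payload):
            raise ValueError(f"truncated route entry at offset {i}")
        dest = ipaddress.IPv4Address(payload[i + 1:i + 1 + n] + bytes(4 - n))
        net = ipaddress.IPv4Network(f"{dest}/{width}", strict=False)
        routes.append((str(net), str(ipaddress.IPv4Address(payload[end - 4:end]))))
        i = end
    return routes

def metadata_next_hop(payload):
    """Return the gateway of the most specific route covering 169.254.169.254, or None."""
    best = None
    for cidr, gateway in decode_routes(payload):
        net = ipaddress.IPv4Network(cidr)
        if METADATA_IP in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gateway)
    return best[1] if best else None

# Constructed sample: DHCP port at 10.0.0.2 and a default route via 10.0.0.1 (both assumed).
SAMPLE = encode_routes([("0.0.0.0/0", "10.0.0.1"), ("169.254.169.254/32", "10.0.0.2")])

if __name__ == "__main__":
    print(SAMPLE.hex())
    print(decode_routes(SAMPLE))
    print("metadata next hop:", metadata_next_hop(SAMPLE))
```

Comparing `metadata_next_hop` against the expected DHCP port address shows whether a lease steers metadata requests to the intended proxy.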
Changed in networking-ovn: | |
assignee: | nobody → Ramu Ramamurthy (ramu-ramamurthy) |
description: | updated |
summary: |
- Metadata Access in OVN without L3/DHCP agents + Metadata Access in OVN without neutron-agents |
summary: |
- Metadata Access in OVN without neutron-agents + Metadata Access in OVN without l3/dhcp agents |
tags: | added: ovn-upstream |
Changed in networking-ovn: | |
status: | New → Confirmed |
importance: | Undecided → High |
Changed in networking-ovn: | |
status: | Confirmed → In Progress |
Changed in networking-ovn: | |
assignee: | Ramu Ramamurthy (ramu-ramamurthy) → nobody |
assignee: | nobody → Daniel Alvarez (dalvarezs) |
tags: | removed: ovn-upstream |
An approach has been posted at the ovs dev mailing list for discussion
http://openvswitch.org/pipermail/dev/2016-April/069390.html