Comment 3 for bug 1673882

Dan Sneddon (dsneddon) wrote :

One suggestion for using more NICs might be to configure the Neutron bridge on a separate NIC from the provisioning NIC. The NIC carrying the bridge should be configured to not use DHCP, and the bridge doesn't need to have an IP address if it is used only for hosting Tenant networks. In fact, you can create two bridges, one with the default name of br-ex on NIC2, and one with the name br-tenant on NIC3. That would allow you to host Tenant networks on br-tenant, and External networks on br-ex. Here is an example of the configuration for a Controller:

              network_config:
              - type: interface
                name: nic1
                use_dhcp: false
                dns_servers:
                  get_param: DnsServers
                addresses:
                - ip_netmask:
                    list_join:
                    - /
                    - - get_param: ControlPlaneIp
                      - get_param: ControlPlaneSubnetCidr
                routes:
                - ip_netmask: 169.254.169.254/32
                  next_hop:
                    get_param: EC2MetadataIp
              - type: ovs_bridge
                name: bridge_name
                use_dhcp: false # No IP address needed on the bridge
                dns_servers:
                  get_param: DnsServers
                members:
                - type: interface
                  name: nic2
                  use_dhcp: false
                  # force the MAC address of the bridge to this interface
                  primary: true
                - type: vlan
                  vlan_id:
                    get_param: ExternalNetworkVlanID
                  addresses:
                  - ip_netmask:
                      get_param: ExternalIpSubnet
                  routes:
                  - default: true
                    next_hop:
                      get_param: ExternalInterfaceDefaultRoute
              - type: ovs_bridge
                name: br-tenant
                dns_servers:
                  get_param: DnsServers
                use_dhcp: false
                members:
                - type: interface
                  name: nic3
                  use_dhcp: false
                  primary: true
              - type: interface
                name: nic4
                use_dhcp: false # This effectively disables NIC4

And here is the corresponding example for a Compute node:

              network_config:
              - type: interface
                name: nic1
                use_dhcp: false
                dns_servers:
                  get_param: DnsServers
                addresses:
                - ip_netmask:
                    list_join:
                    - /
                    - - get_param: ControlPlaneIp
                      - get_param: ControlPlaneSubnetCidr
                routes:
                - ip_netmask: 169.254.169.254/32
                  next_hop:
                    get_param: EC2MetadataIp
                - default: true
                  next_hop:
                    get_param: ControlPlaneDefaultRoute
              - type: interface
                name: nic2
                use_dhcp: false # This effectively disables NIC2
              - type: ovs_bridge
                name: br-tenant
                dns_servers:
                  get_param: DnsServers
                use_dhcp: false
                members:
                - type: interface
                  name: nic3
                  use_dhcp: false
                  primary: true
              - type: interface
                name: nic4
                use_dhcp: false # This effectively disables NIC4

Note that there is no br-ex on the compute node in this example, so you would pass the following in your network-environment.yaml to enable tenant networks on the br-tenant:

parameter_defaults:
  NeutronNetworkVLANRanges: "tenant:100:999"
  NeutronBridgeMappings: "datacentre:br-ex,tenant:br-tenant"

Then you can create external provider networks with the following command:

neutron net-create ext_net --provider:network_type vlan \
    --provider:physical_network datacentre --provider:segmentation_id <VLAN_ID> \
    --router:external

When tenants create networks, the NeutronNetworkVLANRanges parameter ensures that tenant VLANs will be attached to the "tenant" network and "br-tenant" bridge. You could do the same with additional bridges, and assign a different VLAN range to each bridge, like so:

parameter_defaults:
  NeutronNetworkVLANRanges: "tenant:100:499,tenant2:500:999"
  NeutronBridgeMappings: "datacentre:br-ex,tenant:br-tenant,tenant2:br-tenant2"
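
A consistency check for the two parameters used in the comment above, added here as an example (it is not part of the original comment, nor TripleO or Neutron code). It parses the NeutronNetworkVLANRanges and NeutronBridgeMappings strings and reports physical networks that have a VLAN range but no bridge, overlapping ranges on one physical network, and bridges shared by more than one physical network; the function names are hypothetical.

```python
# Added example: function names are hypothetical, not TripleO/Neutron APIs.

def parse_bridge_mappings(value):
    """'datacentre:br-ex,tenant:br-tenant' -> {'datacentre': 'br-ex', ...}"""
    mappings = {}
    for item in filter(None, (p.strip() for p in value.split(","))):
        physnet, sep, bridge = item.partition(":")
        if not sep or not physnet or not bridge:
            raise ValueError(f"malformed bridge mapping: {item!r}")
        if physnet in mappings:
            raise ValueError(f"physical network mapped twice: {physnet!r}")
        mappings[physnet] = bridge
    return mappings

def parse_vlan_ranges(value):
    """'tenant:100:499,tenant2:500:999' -> {'tenant': [(100, 499)], ...}"""
    ranges = {}
    for item in filter(None, (p.strip() for p in value.split(","))):
        parts = item.split(":")
        if len(parts) == 1:  # physnet only, no tenant-allocatable range
            ranges.setdefault(parts[0], [])
            continue
        if len(parts) != 3:
            raise ValueError(f"malformed VLAN range: {item!r}")
        lo, hi = int(parts[1]), int(parts[2])
        if not 1 <= lo <= hi <= 4094:  # valid 802.1Q VLAN IDs
            raise ValueError(f"invalid VLAN range: {item!r}")
        ranges.setdefault(parts[0], []).append((lo, hi))
    return ranges

def check(vlan_ranges, bridge_mappings):
    """Return a list of findings; an empty list means the pair is consistent."""
    ranges = parse_vlan_ranges(vlan_ranges)
    mappings = parse_bridge_mappings(bridge_mappings)
    findings = []
    for physnet in sorted(ranges):
        if physnet not in mappings:
            findings.append(f"{physnet}: VLAN range but no bridge mapping")
        spans = sorted(ranges[physnet])
        for (_, a_hi), (b_lo, _) in zip(spans, spans[1:]):
            if b_lo <= a_hi:
                findings.append(f"{physnet}: overlapping VLAN ranges")
    by_bridge = {}
    for physnet, bridge in mappings.items():
        by_bridge.setdefault(bridge, []).append(physnet)
    for bridge, nets in sorted(by_bridge.items()):
        if len(nets) > 1:
            findings.append(f"{bridge}: shared by {', '.join(sorted(nets))}")
    return findings
```

Call `check()` with the two strings from network-environment.yaml; both parameter pairs shown in the comment return an empty list.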