Re: [openstack-dev] Mitaka, Xenial, OVS Firewall Driver, DPDK, VXLAN and Provider Networks
We aren't too far off from being able to support this now. The agent-based ML2 drivers already bind based on a combination of VNIC type and the host so multiple agents with different types can run on the same host. I think the only part that is missing is each driver being able to inform Nova which bridge to plug into. On Feb 28, 2016 7:48 PM, "Assaf Muller" wrote: > On Sat, Feb 27, 2016 at 6:55 PM, Martinx - ジェームズ > wrote: > > Hey guys! > > > > Next Ubuntu and Mitaka are promising something ultra mega cool! > > > > Look at this! > > > > --- > > root@mitaka-1:~# apt install neutron-openvswitch-agent > > Reading package lists... Done > > Building dependency tree > > Reading state information... Done > > The following additional packages will be installed: > > dpdk libdpdk0 openvswitch-common openvswitch-switch > > --- > > > > Xenial will brings DPDK-2.2 fully supported for 5 years! > > > > However, I am curious about the following scenarios: > > > > Will be possible to use, at the same time (same Network and Compute > nodes / > > Host Aggregate): > > > > 1- Regular OVS bridges without DPDK for VXLAN Networks, with > > OVS-Firewall-Driver and; > > > > 2- OVS powered by DPDK for Provider Networks only ( without any > firewall, > > current case anyway, due to > > https://bugs.launchpad.net/neutron/+bug/1531205). > > Currently, a host may run a single OVS agent, configured for either > regular OVS or OVS-DPDK. You cannot run both on a single host. You can > mix and match between different hosts though. It is something we > discussed a bit, but no concrete plans to change this at this time. > > We could support this by allowing an OVS agent to support two > datapaths simultaneously by configuring two integration bridges, each > with its own type. We would add a DPDK VNIC type so Nova would plug > the VNIC to the correct bridge. Each integration bridge would have its > own bridge mappings (The kernel datapath integration bridge would be > connected to br-tun or to a VLAN bridge, and the DPDK datapath > integration bridge would be connected to its own set of VLAN provider > bridges. Another way to accomplish this use case is to start two OVS > agents on the same host, each configured appropriately, but we'd need > to make changes to ML2 to support this, perhaps differentiate between > the two agents via an agent_type and bind ports appropriately. Again, > we'd need a new VNIC type for DPDK ports. > > > > > ? > > > > I have NFV Instances that are also, DPDK L2 Bridges running on KVM > Guest / > > VirtIO, that are physically wired using Provider Networks (flat and > vlans). > > > > So, for the Instance's vNICs (eth1 and eth2) that are used as a L2 > bridge, > > I don't want any kind of ovs-firewall (I'm not affected by LP #1531205 on > > this case) and I want OVS+DPDK under it but, for SSH into the Instance to > > manage it (via its eth0), it is still using regular VXLAN with Security > > Groups - OVS-Firewall from now on (no need for DPDK under eth0 / VXLAN). > > > > I'm curious about this specially because the OVS Ubuntu package, makes > use > > of Debian's Alternatives subsystem, and we need to choose one OVS > (default), > > or another (with DPDK), via "update-alternatives", so, will be possible > to > > select OVS with DPDK but, use regular bridges with it as well (for VXLAN > > networks)? > > > > If yes, how to create a VXLAN network with regular OVS and another > > FLAT/VLAN network with OVS+DPDK ? > > > > Thanks in advance! > > > > Best, > > Thiago > > > > > __ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Mitaka, Xenial, OVS Firewall Driver, DPDK, VXLAN and Provider Networks
On Sat, Feb 27, 2016 at 6:55 PM, Martinx - ジェームズ wrote: > Hey guys! > > Next Ubuntu and Mitaka are promising something ultra mega cool! > > Look at this! > > --- > root@mitaka-1:~# apt install neutron-openvswitch-agent > Reading package lists... Done > Building dependency tree > Reading state information... Done > The following additional packages will be installed: > dpdk libdpdk0 openvswitch-common openvswitch-switch > --- > > Xenial will brings DPDK-2.2 fully supported for 5 years! > > However, I am curious about the following scenarios: > > Will be possible to use, at the same time (same Network and Compute nodes / > Host Aggregate): > > 1- Regular OVS bridges without DPDK for VXLAN Networks, with > OVS-Firewall-Driver and; > > 2- OVS powered by DPDK for Provider Networks only ( without any firewall, > current case anyway, due to > https://bugs.launchpad.net/neutron/+bug/1531205). Currently, a host may run a single OVS agent, configured for either regular OVS or OVS-DPDK. You cannot run both on a single host. You can mix and match between different hosts though. It is something we discussed a bit, but no concrete plans to change this at this time. We could support this by allowing an OVS agent to support two datapaths simultaneously by configuring two integration bridges, each with its own type. We would add a DPDK VNIC type so Nova would plug the VNIC to the correct bridge. Each integration bridge would have its own bridge mappings (The kernel datapath integration bridge would be connected to br-tun or to a VLAN bridge, and the DPDK datapath integration bridge would be connected to its own set of VLAN provider bridges. Another way to accomplish this use case is to start two OVS agents on the same host, each configured appropriately, but we'd need to make changes to ML2 to support this, perhaps differentiate between the two agents via an agent_type and bind ports appropriately. Again, we'd need a new VNIC type for DPDK ports. > > ? > > I have NFV Instances that are also, DPDK L2 Bridges running on KVM Guest / > VirtIO, that are physically wired using Provider Networks (flat and vlans). > > So, for the Instance's vNICs (eth1 and eth2) that are used as a L2 bridge, > I don't want any kind of ovs-firewall (I'm not affected by LP #1531205 on > this case) and I want OVS+DPDK under it but, for SSH into the Instance to > manage it (via its eth0), it is still using regular VXLAN with Security > Groups - OVS-Firewall from now on (no need for DPDK under eth0 / VXLAN). > > I'm curious about this specially because the OVS Ubuntu package, makes use > of Debian's Alternatives subsystem, and we need to choose one OVS (default), > or another (with DPDK), via "update-alternatives", so, will be possible to > select OVS with DPDK but, use regular bridges with it as well (for VXLAN > networks)? > > If yes, how to create a VXLAN network with regular OVS and another > FLAT/VLAN network with OVS+DPDK ? > > Thanks in advance! > > Best, > Thiago > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Mitaka, Xenial, OVS Firewall Driver, DPDK, VXLAN and Provider Networks
Hi Thiago On Sat, 27 Feb 2016 at 23:58 Martinx - ジェームズ wrote: [...] However, I am curious about the following scenarios: > > Will be possible to use, at the same time (same Network and Compute nodes > / Host Aggregate): > > 1- Regular OVS bridges without DPDK for VXLAN Networks, with > OVS-Firewall-Driver and; > > 2- OVS powered by DPDK for Provider Networks only ( without any firewall, > current case anyway, due to > https://bugs.launchpad.net/neutron/+bug/1531205). > > ? > > I have NFV Instances that are also, DPDK L2 Bridges running on KVM Guest > / VirtIO, that are physically wired using Provider Networks (flat and > vlans). > > So, for the Instance's vNICs (eth1 and eth2) that are used as a L2 > bridge, I don't want any kind of ovs-firewall (I'm not affected by LP > #1531205 on this case) and I want OVS+DPDK under it but, for SSH into the > Instance to manage it (via its eth0), it is still using regular VXLAN with > Security Groups - OVS-Firewall from now on (no need for DPDK under eth0 / > VXLAN). > > I'm curious about this specially because the OVS Ubuntu package, makes > use of Debian's Alternatives subsystem, and we need to choose one OVS > (default), or another (with DPDK), via "update-alternatives", so, will be > possible to select OVS with DPDK but, use regular bridges with it as well > (for VXLAN networks)? > We're shipping two binaries due to the baseline CPU requirement for DPDK being above the general baseline in Ubuntu; the DPDK enabled binary supports all of the things that the vanilla binary does + DPDK. > If yes, how to create a VXLAN network with regular OVS and another > FLAT/VLAN network with OVS+DPDK ? > Not sure whether a mixed mode openvswitch deployment is possible on a single compute node - I can see how to switch between netdev and system based bridges in the agent configuration, but that applies at the agent level, not to specific bridges. Cheers James __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] Mitaka, Xenial, OVS Firewall Driver, DPDK, VXLAN and Provider Networks
Hey guys! Next Ubuntu and Mitaka are promising something ultra mega cool! Look at this! --- root@mitaka-1:~# apt install neutron-openvswitch-agent Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: dpdk libdpdk0 openvswitch-common openvswitch-switch --- Xenial will brings DPDK-2.2 fully supported for 5 years! However, I am curious about the following scenarios: Will be possible to use, at the same time (same Network and Compute nodes / Host Aggregate): 1- Regular OVS bridges without DPDK for VXLAN Networks, with OVS-Firewall-Driver and; 2- OVS powered by DPDK for Provider Networks only ( without any firewall, current case anyway, due to https://bugs.launchpad.net/neutron/+bug/1531205 ). ? I have NFV Instances that are also, DPDK L2 Bridges running on KVM Guest / VirtIO, that are physically wired using Provider Networks (flat and vlans). So, for the Instance's vNICs (eth1 and eth2) that are used as a L2 bridge, I don't want any kind of ovs-firewall (I'm not affected by LP #1531205 on this case) and I want OVS+DPDK under it but, for SSH into the Instance to manage it (via its eth0), it is still using regular VXLAN with Security Groups - OVS-Firewall from now on (no need for DPDK under eth0 / VXLAN). I'm curious about this specially because the OVS Ubuntu package, makes use of Debian's Alternatives subsystem, and we need to choose one OVS (default), or another (with DPDK), via "update-alternatives", so, will be possible to select OVS with DPDK but, use regular bridges with it as well (for VXLAN networks)? If yes, how to create a VXLAN network with regular OVS and another FLAT/VLAN network with OVS+DPDK ? Thanks in advance! Best, Thiago __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev