Chapter 14. Configure Bridge Mappings

Below is an example of a patch-peer between br-int and br-ex:

int-br-ex <-> phy-br-ex

This connection is configured in the bridge_mappings setting. For example:

bridge_mappings = physnet1:br-ex,physnet2:br-ex2

This configuration’s first entry creates a connection between br-int and br-ex using patch peer cable. The second entry creates a patch peer for br-ex2.

The bridge_mappings configuration must correlate with that of the network_vlan_ranges option on the controller node. For the example given above, the controller node is configured as follows:

network_vlan_ranges = physnet1:10:20,physnet2:21:25

These values create the provider networks that represent the corresponding external networks; the external networks are then connected to the tenant networks via router interfaces. As a result, it is necessary to configure bridge_mappings on the network node on which the router is scheduled. This means that the router traffic is able to egress using the correct physical network, as represented by the provider network (for example: physnet1).

In addition to creating the connection, this setting also configures the OVS flow in br-int and br-ex to allow the network traffic to traverse to and from the external network. Each external network is represented by an internal VLAN id, which is tagged to the router’s qg-xxx port. When a packet reaches phy-br-ex, the br-ex port strips the VLAN tag and moves the packet to the physical interface and then to the external network. The return packet from external network arrives on br-ex and is moved to br-int using phy-br-ex <→ int-br-ex. When the packet reaches int-br-ex, another flow in br-int adds internal vlan tag to the packet. This allows the packet to be accepted by qg-xxx.

The manual port cleanup process removes unneeded ports, and doesn’t require a system outage. You can identify these ports by their naming convention: in br-$external_bridge they are named as "phy-"$external_bridge and in br-int they are named "int-"$external_bridge.

This example procedure removes a bridge from bridge_mappings, and cleans up the corresponding ports.

1. Edit openvswitch_agent.ini and remove the entry for physnet2:br-ex2 from bridge_mappings:

bridge_mappings = physnet1:br-ex,physnet2:br-ex2

Remove the entry for physnet2:br-ex2. The resulting bridge_mappings resembles this:

bridge_mappings = physnet1:br-ex

2. Use ovs-vsctl to remove the patch ports associated with the removed physnet2:br-ex2 entry:

# ovs-vsctl del-port br-ex2 phy-br-ex2
# ovs-vsctl del-port br-int int-br-ex2

3. Restart neutron-openvswitch-agent:

# service neutron-openvswitch-agent restart

This action is performed using the neutron-ovs-cleanup command combined with the --ovs_all_ports flag. Restart the neutron services or the entire node to then restore the bridges back to their normal working state. This process requires a total networking outage.

The neutron-ovs-cleanup command unplugs all ports (instances, qdhcp/qrouter, among others) from all OVS bridges. Using the flag --ovs_all_ports results in removing all ports from br-int, cleaning up tunnel ends from br-tun, and patch ports from bridge to bridge. In addition, the physical interfaces (such as eth0, eth1) are removed from the bridges (such as br-ex, br-ex2). This will result in lost connectivity to instances until the ports are manually re-added using ovs-vsctl:

# ovs-vsctl add-port br-ex eth1

# /usr/bin/neutron-ovs-cleanup
--config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini
--log-file /var/log/neutron/ovs-cleanup.log --ovs_all_ports

# systemctl restart neutron-openvswitch-agent
# systemctl restart neutron-l3-agent.service
# systemctl restart neutron-dhcp-agent.service

# systemctl restart neutron-openvswitch-agent